Re: Fwd: ioperm is preserved across fork and execve, but iopl is not
From: H. Peter Anvin
Date: Mon May 11 2015 - 16:57:00 EST
On 05/11/2015 01:49 PM, Alex Henrie wrote:
> The ioperm and iopl calls are both used to grant a process permission
> to access I/O devices directly. iopl(3) is equivalent to ioperm(0,
> 0xFFFF, 1). However, permissions granted through ioperm are preserved
> across fork and execve, and permissions granted through iopl are not.
> This makes no sense: The two calls do the same thing, so there is no
> security benefit to dropping one on fork or execve but not the other.
They don't, in fact. An iopl(3) process is allowed to disable
interrupts in user space, which an ioperm() process is not.
This is a HUGE deal. This really makes me wonder if iopl(3) should be
allowed at all, or if we should just intercept it and treat it as ioperm().
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/