From: des@des.no (Dag-Erling Smørgrav)
To: Matteo Riondato
Cc: cvs-all@FreeBSD.org
Date: Mon, 02 Aug 2004 14:14:09 +0200
Subject: Re: cvs commit: src/sys/alpha/alpha mem.c src/sys/alpha/conf GENERIC src/sys/alpha/include memdev.h src/sys/amd64/amd64 io.c mem.c src/sys/amd64/conf GENERIC NOTES src/sys/amd64/include iodev.h memdev.h src/sys/conf NOTES files files.alpha files.amd64 ...

Matteo Riondato writes:
> Dag-Erling Smørgrav wrote:
> > The other good news of course is that it is now possible to build a
> > kernel that does not have /dev/mem and /dev/io - that's pretty
> > significant from a security point of view. Thanks!
> Can you please explain why it's significant?

/dev/mem and /dev/io are back doors to a system's memory and hardware, which allow you to bypass all error and credential checks once you've gained access to them.

For instance, an attacker who manages to obtain read access to /dev/mem (e.g. by exploiting a hole in a setgid kmem application) can read any data present in system memory, including the contents of the buffer cache, and stuff like unencrypted ssh keys held in memory by an ssh agent.

Of course, /dev/mem and /dev/io can be protected through conventional means (including removing the actual device nodes), but given the choice between protecting a back door and not having one in the first place, I definitely prefer the latter.

DES
-- 
Dag-Erling Smørgrav - des@des.no
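
An added example, not part of the original message or of the FreeBSD tree: sh functions that audit the three points the reply raises, namely whether a kernel configuration still compiles in the mem and io devices, how the device nodes are protected, and which setgid programs carry the group that can open them. The function names and the paths in the usage comment are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original message). Paths are parameters so
# each check can be pointed at a real system or at a test tree.

# Print which of the mem/io devices a kernel config file compiles in.
# Handles '#' comments and 'nodevice' overrides; does not follow 'include'.
config_backdoor_devices() {
    awk '{ sub(/#.*/, "") }
         $1 == "device"   && ($2 == "mem" || $2 == "io") { on[$2] = 1 }
         $1 == "nodevice" && ($2 == "mem" || $2 == "io") { on[$2] = 0 }
         END { s = ""
               if (on["io"])  s = s " io"
               if (on["mem"]) s = s " mem"
               sub(/^ /, "", s); print s }' "$1"
}

# Report mem/kmem/io nodes under a /dev-style directory. FAIL (exit 1) if
# "other" has read or write access, WARN if the node merely exists.
audit_dev_nodes() {
    dev=$1; rc=0
    for n in mem kmem io; do
        [ -e "$dev/$n" ] || continue
        set -- $(ls -ld "$dev/$n")      # $1 = mode string, $4 = group
        case $1 in
            ???????r*|????????w*) echo "FAIL $n $1 group=$4"; rc=1 ;;
            *)                    echo "WARN $n $1 group=$4" ;;
        esac
    done
    return $rc
}

# List setgid files owned by a group (kmem on a real system): each one is a
# program whose compromise would hand out that group's access to /dev/mem.
list_setgid() {
    find "$1" -type f -perm -2000 -group "$2" 2>/dev/null
}

# Usage on a FreeBSD host (the config path is an assumption):
#   config_backdoor_devices /usr/src/sys/amd64/conf/GENERIC
#   audit_dev_nodes /dev
#   list_setgid /usr kmem
```

An empty result from `config_backdoor_devices` corresponds to the kernel the message prefers, one with no back door to protect; the other two checks cover the "conventional means" case.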