> This is nonsense. It is a feature. I need it when working on my ARM
> based system and trying to debug some hardware that needs writing to
> specific memory locations.

If something is assisting you in debugging, that does not make it fall into a
feature. And saying that it is a feature does not claim that it is not
vulnerable to attacks. If you really want to use this for debugging, you may
do it on a development system which you cannot risk for security attacks.
For a production system or server, you may not want to use it for any
debugging and it may be lying there without any purpose for its security
vulnerability. If it is a configurable option, it's good to compile the
kernel for your debugging purpose.

Look at the patch below, at least there are people who assume that it is
a vulnerability:

http://kerneltrap.org/mailarchive/linux-kernel/2008/2/11/809424

It is almost like saying that an apple can't get rotten because you like the
taste.

P.S. I am not making any attempt to convey that we need a fix for it. But
someone just started with saying it is a security loophole, so I am just
agreeing, yes it falls into that category.

Thanks,
Rajat

On Thu, Oct 28, 2010 at 1:27 PM, Wouter Simons <[email protected]> wrote:

> On 10/27/2010 06:54 PM, Rajat Sharma wrote:
> > In any case, no one can claim it's not a security hole, it definitely is,
> > but only restricted to privileged processes. Any of the vulnerable
> > process can make life easy for hackers. Also no one can build 100%
> > secure system.
>
> This is nonsense. It is a feature. I need it when working on my ARM
> based system and trying to debug some hardware that needs writing to
> specific memory locations.
>
> If you want to call this a security hole then I think you should
> consider how the balance between usability and security works. If a
> system needs to be 100% secure it should be powered off, with cables
> physically removed from any power outlet and stored in the vault of the
> federal reserve or somesuch.
>
> Here is a message about restricting the access through /dev/mem on x86,
> check your kernel config to see how well protected you are:
> http://lwn.net/Articles/267427/
>
> But here I am claiming that it is a feature not a security hole.
>
> ;-)
>
> Wouter
>
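
The "check your kernel config" advice quoted above can be scripted. This is an added example, not part of the original thread: the function name devmem_posture is hypothetical, and it assumes the config symbols CONFIG_DEVMEM, CONFIG_STRICT_DEVMEM and CONFIG_IO_STRICT_DEVMEM used by current mainline kernels and a plain-text config such as /boot/config-$(uname -r).

```shell
#!/bin/sh
# Added example: classify how exposed /dev/mem is, from a kernel config file.
# Prints one of: absent | strict-io | strict | unrestricted | unknown
devmem_posture() {
    cfg=$1
    # Unreadable or missing config: say so rather than guessing.
    [ -r "$cfg" ] || { echo "unknown"; return 2; }

    # Explicitly disabled: the /dev/mem device is not built at all.
    if grep -q '^# CONFIG_DEVMEM is not set' "$cfg"; then
        echo "absent"
        return 0
    fi

    # No CONFIG_DEVMEM line at all is treated as an older kernel where
    # /dev/mem is always built, so only the restriction options decide.
    if grep -q '^CONFIG_STRICT_DEVMEM=y' "$cfg"; then
        if grep -q '^CONFIG_IO_STRICT_DEVMEM=y' "$cfg"; then
            # Access is filtered and also refused for regions claimed by drivers.
            echo "strict-io"
        else
            # Access is filtered to what the architecture allows.
            echo "strict"
        fi
        return 0
    fi

    # /dev/mem is present with no filtering: the debugging setup defended
    # in the thread, acceptable on a development board only.
    echo "unrestricted"
    return 0
}

# Constructed sample: a config with no CONFIG_DEVMEM symbol and no filtering.
sample=$(mktemp)
printf '%s\n' 'CONFIG_ARM=y' '# CONFIG_STRICT_DEVMEM is not set' > "$sample"
echo "sample config: $(devmem_posture "$sample")"
rm -f "$sample"
```

A result of "unrestricted" on a production image is the case worth flagging; where the config is only available as /proc/config.gz, decompress it to a file first.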
