FS#23327 - [kernel26] Disable /dev/kmem
Attached to Project:
Arch Linux
Opened by Jamie Nguyen (jnguyen) - Friday, 18 March 2011, 14:08 GMT
Last edited by Tobias Powalowski (tpowa) - Friday, 25 March 2011, 08:01 GMT
Opened by Jamie Nguyen (jnguyen) - Friday, 18 March 2011, 14:08 GMT
Last edited by Tobias Powalowski (tpowa) - Friday, 25 March 2011, 08:01 GMT
|
Details
Description:
CONFIG_DEVKMEM is currently enabled in the Arch Linux kernel. This has been disabled in several other distributions for quite some time: since 2004 in RHEL/Fedora[1], and since 2009 in Debian/Ubuntu[2][3]. Jonathan Corbet wrote this on LWN.net back in 2005: "It has been suggested that root kits are the largest user community for this kind of access... The Fedora kernel, as it turns out, has not supported /dev/kmem for a long time."[4] I feel it is definitely in the interests of the Arch Linux community for this option to be disabled. [1] http://kerneltrap.org/mailarchive/linux-kernel/2008/2/10/809144/thread [2] http://web.archiveorange.com/archive/v/UsR4nWY5S8peg7kZRPUt [3] https://wiki.ubuntu.com/Security/Features#dev-kmem [4] http://lwn.net/Articles/147901/ |
This task depends upon
Closed by Tobias Powalowski (tpowa)
Friday, 25 March 2011, 08:01 GMT
Reason for closing: Fixed
Additional comments about closing: in .38 series and lts kernels
Friday, 25 March 2011, 08:01 GMT
Reason for closing: Fixed
Additional comments about closing: in .38 series and lts kernels
I don't object disabling this.