FS#28610 - [linux] Disable CONFIG_STRICT_DEVMEM

Attached to Project: Arch Linux
Opened by Butcher Blues (Butcher) - Thursday, 23 February 2012, 17:54 GMT
Last edited by Tobias Powalowski (tpowa) - Friday, 24 February 2012, 07:24 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To No-one
Architecture All
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Please disable CONFIG_STRICT_DEVMEM or give a good explanation for it to be enabled.

Closed by Tobias Powalowski (tpowa)
Friday, 24 February 2012, 07:24 GMT
Reason for closing: Won't implement
Comment by Jan de Groot (JGC) - Thursday, 23 February 2012, 18:59 GMT
Documentation (and some security bug we fixed by enabling this a long time ago) suggests turning it on, so I think you should give a good explanation why it needs to be disabled instead.
Comment by Butcher Blues (Butcher) - Thursday, 23 February 2012, 19:21 GMT
Thanks for answering, can you give me a link to that security bug?
Comment by Gerardo Exequiel Pozzi (djgera) - Thursday, 23 February 2012, 23:41 GMT
See FS#14263, FS#14317
Comment by Butcher Blues (Butcher) - Friday, 24 February 2012, 00:09 GMT
FS#14263 doesn't provide an explanation.
And read the first comment on FS#14317.
Comment by Gerardo Exequiel Pozzi (djgera) - Friday, 24 February 2012, 00:36 GMT
Yes, I know. The point is, there is no need to open doors for rootkits. Note that such a thing is not configurable at runtime or via bootparam. Having unrestricted access to memory allows injecting code and doing lots of things in a silent way.
Comment by Tobias Powalowski (tpowa) - Friday, 24 February 2012, 07:24 GMT
Fedora also enables it, so won't disable it.
