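Title: How much does disabling CONFIG_STRICT_DEVMEM affect system security?

Author: linuxfellow Time: 2014-02-06 10:44

I need /dev/mem for DDR testing, so I have to turn off CONFIG_STRICT_DEVMEM. I don't know how this will affect system security.

Author: humjb_1983 Time: 2014-02-07 09:48

With it removed, user space is allowed to access all physical memory, which should be a security problem; for example, a user-space program could snoop on the memory layout of processes or the kernel through physical memory.
The relevant explanation of this kernel configuration option is as follows: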
If this option is disabled, you allow userspace (root) access to all
of memory, including kernel and userspace memory. Accidental
access to this is obviously disastrous, but specific access can
be used by people debugging the kernel. Note that with PAT support
enabled, even in this case there are restrictions on /dev/mem
use due to the cache aliasing requirements.

If this option is switched on, the /dev/mem file only allows
userspace access to PCI space and the BIOS code and data regions.
This is sufficient for dosemu and X and all common users of
/dev/mem.

Author: 瀚海书香 Time: 2014-02-08 16:36

Reply to 1# linuxfellow
It should not be a big problem. I have seen some security products do this too in order to implement a certain feature.
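
To see which of the cases in the quoted help text a given kernel falls into, the build config can be classified as below. This is an added example, not part of the thread; the helper names `kconfig_value` and `devmem_exposure` are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify /dev/mem exposure from a
# kernel build config. Function names here are hypothetical helpers.

# Print the value of option $2 in config file $1 (plain text or .gz):
# "y"/"m"/..., "n" for "# OPT is not set", or "absent".
kconfig_value() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | awk -v opt="$2" '
        $0 ~ ("^" opt "=")             { sub("^" opt "=", ""); v = $0 }
        $0 == ("# " opt " is not set") { v = "n" }
        END { print (v == "" ? "absent" : v) }'
}

# no-devmem    : CONFIG_DEVMEM is off, the device is not built at all
# strict       : CONFIG_STRICT_DEVMEM=y, only PCI space and BIOS regions
# unrestricted : /dev/mem is built without the filter (the thread's setup)
# Assumption: a config with no CONFIG_DEVMEM symbol (older kernels) still
# builds /dev/mem, so "absent" is treated like "y".
devmem_exposure() {
    devmem=$(kconfig_value "$1" CONFIG_DEVMEM)
    strict=$(kconfig_value "$1" CONFIG_STRICT_DEVMEM)
    if [ "$devmem" = "n" ]; then
        echo "no-devmem"
    elif [ "$strict" = "y" ]; then
        echo "strict"
    else
        echo "unrestricted"
    fi
}

# Constructed sample config matching the build discussed in the thread.
sample=$(mktemp)
printf '%s\n' 'CONFIG_DEVMEM=y' '# CONFIG_STRICT_DEVMEM is not set' > "$sample"
echo "sample config: $(devmem_exposure "$sample")"
rm -f "$sample"
```

On a live system, pass `/boot/config-$(uname -r)` or `/proc/config.gz`, where the distribution provides one, as the argument to `devmem_exposure`.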