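Removing it will allow userspace to access all physical memory, which should be a security problem; for example, a userspace program could use physical memory to peek at the memory layout of processes or the kernel.
Below is the relevant explanation of this kernel configuration option: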
If this option is disabled, you allow userspace (root) access to all of memory, including kernel and userspace memory. Accidental access to this is obviously disastrous, but specific access can be used by people debugging the kernel. Note that with PAT support enabled, even in this case there are restrictions on /dev/mem use due to the cache aliasing requirements.

If this option is switched on, the /dev/mem file only allows userspace access to PCI space and the BIOS code and data regions. This is sufficient for dosemu and X and all common users of /dev/mem.
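
An added example, not part of the original post: a shell helper that reports whether a kernel build config filters /dev/mem. It assumes the option quoted above is CONFIG_STRICT_DEVMEM; the helper name `devmem_policy` and the sample config are constructed, and the CONFIG_DEVMEM case goes beyond what the post covers.

```shell
#!/bin/sh
# Added example: classify a kernel config by its /dev/mem policy.
# Assumption: the help text quoted in the post is CONFIG_STRICT_DEVMEM.
# devmem_policy is a hypothetical helper name, not a kernel tool.

devmem_policy() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unknown"; return 2; }
    # Configs are often shipped compressed (e.g. /proc/config.gz).
    case "$cfg" in
        *.gz) conf=$(gzip -dc "$cfg") ;;
        *)    conf=$(cat "$cfg") ;;
    esac
    # Kconfig writes "CONFIG_X=y" when set and "# CONFIG_X is not set"
    # when disabled; -x matches whole lines only.
    if printf '%s\n' "$conf" | grep -qxF '# CONFIG_DEVMEM is not set'; then
        echo "no-devmem"       # /dev/mem is not built at all
        return 0
    fi
    if printf '%s\n' "$conf" | grep -qxF 'CONFIG_STRICT_DEVMEM=y'; then
        echo "strict"          # only PCI space and BIOS regions
        return 0
    fi
    if printf '%s\n' "$conf" | grep -qxF '# CONFIG_STRICT_DEVMEM is not set'; then
        echo "unrestricted"    # root can reach all physical memory
        return 1
    fi
    echo "unknown"             # option absent from this config
    return 2
}

# Constructed sample config, not taken from a real system.
sample=$(mktemp)
printf '%s\n' 'CONFIG_DEVMEM=y' '# CONFIG_STRICT_DEVMEM is not set' > "$sample"
echo "sample config: $(devmem_policy "$sample")"
rm -f "$sample"
```

On a running system the config is usually found at `/boot/config-$(uname -r)` or `/proc/config.gz`.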