- `/dev/mem` should only be accessible by root or whoever you set the permissions to (don't `chmod 777 /dev/mem`).
- root can install device drivers which have full executable run of the system anyway and do anything you can do with this device; this is also true on Windows.
- it's possible to build a Linux kernel without `/dev/mem` support and also without loadable module support (I think), so if your threat model indicates this needs to be addressed it is possible.
>root can install device drivers which have full executable run of the system anyway and do anything you can do with this device; this is also true on Windows.
Oddly enough, no. Or atleast last time I tried on Ubuntu I had to disable secure boot. Seemed like an easier way than to sign the build files
tenebrisalietum|3 years ago
- root can install device drivers which have full executable run of the system anyway and do anything you can do with this device; this is also true on Windows.
- read about CONFIG_STRICT_DEVMEM - https://man7.org/linux/man-pages/man4/mem.4.html#:~:text=Sin....
- wait until you hear about `/dev/kmem`.
- it's possible to build a Linux kernel without `/dev/mem` support and also without loadable module support (I think), so if your threat model indicates this needs to be addressed it is possible.
amarshall|3 years ago
no_time|3 years ago
Oddly enough, no. Or atleast last time I tried on Ubuntu I had to disable secure boot. Seemed like an easier way than to sign the build files
unknown|3 years ago
[deleted]
colechristensen|3 years ago