Announcement

Collapse
No announcement yet.

Linux 4.16 Is Tightening Up Access To /dev/mem By Default

Collapse
X
Collapse
 
  • Page of 3
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
  • #1

    Linux 4.16 Is Tightening Up Access To /dev/mem By Default

    Phoronix: Linux 4.16 Is Tightening Up Access To /dev/mem By Default

    One of the security improvements to Linux 4.16 is improving the default behavior for restricted access to /dev/mem for x86/x86_64 and ARM64 systems...

    Linux 4.16 Is Tightening Up Access To /dev/mem By Default - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=Linux-4.16-Def-Strict-Dev-Mem
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    What ever happened to "security people are f$cking morons", "don't break users", and "I don't trust security people to do sane things"?

    Comment

    • #3
      Originally posted by InsideJob View Post
      If you're paranoid about sleeper cell in caves on the other side of the planet demolishing skyscrapers with jet fuel, then you can enable all the Nazi stuff that makes you feel safe and secure.
      Name checks out.

      Comment

      • #4
        Originally posted by InsideJob View Post
        Freedom should be the default.
        I'm afraid you didn't quite get the point. No one tells you can't flip that flag for your kernel and recompile it. You are still free to do whatever you want. It's just a default, because most users prefer a secure by default OS.

        Originally posted by InsideJob View Post
        Now may be the time for me to switch to BSD and leave Linux behind for good.
        I'm afraid we won't miss you...

        • Likes 4

        Comment

        • #5
          Don't Raspberry users need this access for device memory?

          Comment

          • #6
            but obviously isn't wise keeping this feature disabled on production systems
            Michael

            I guess you made a mistake.
            • Likes 1

            Comment

            • #7
              Originally posted by birdie View Post

              Michael

              I guess you made a mistake.
              Thanks. Cleared up the sentence.
              Michael Larabel
              https://www.michaellarabel.com/

              Comment

              • #8
                Security through obscurity?

                there are many ways that root can read memory. Hiding the obvious mechanism doesn’t stop that.

                Comment

                • #9
                  I've been running CONFIG_STRICT_DEVMEM=y since the beginning of 2012, with kernel 3.2.0. Prior to that the setting was available, but I hadn't been using it.

                  Comment

                  • #10
                    Originally posted by InsideJob View Post
                    Now may be the time for me to switch to BSD and leave Linux behind for good.
                    don't wait, start now
                    • Likes 4

                    Comment

                    Previous 1 2 3 template Next
                    Working...
                    X