CONFIG DEVMEM PROTECT

From Exploitee.rs

Overview

Although we have not found a specific implementation for this kernel configuration item, it is most likely similar in nature to the CONFIG_NONPROMISC_DEVMEM or CONFIG_STRICT_DEVMEM options in other kernel distributions. The purpose of this parameter would be to prevent user-space applications from accessing kernel-space (i.e. ring 0) memory via the /dev/mem character device. Preliminary testing reveals that requests to read from where the kernel is loaded (i.e. above 1MB) fail with EACCES, even when running as root and with properly set permissions on the device. Without this protection in place, it would be possible to modify kernel structures and subvert other security mechanisms such as the CONFIG_MODULE_SIG protection.
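The read test described above can be repeated with a small read-only probe. This is an added example, not code from the original page; the three offsets and the function names are assumptions, and EPERM is counted as a denial alongside the EACCES reported here.

```c
#define _FILE_OFFSET_BITS 64
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum verdict { DEVMEM_DENIED, DEVMEM_READABLE, DEVMEM_INCONCLUSIVE };

/* Map a read result to a verdict. EACCES is the error the page reports;
 * EPERM is also counted as a denial (assumption for other kernels). */
enum verdict classify_read(ssize_t rc, int err)
{
    if (rc > 0)
        return DEVMEM_READABLE;
    if (rc < 0 && (err == EACCES || err == EPERM))
        return DEVMEM_DENIED;
    return DEVMEM_INCONCLUSIVE;      /* EOF, EFAULT, EINVAL, ... */
}

/* Read-only probe of 16 bytes at a physical offset; nothing is written. */
enum verdict probe_devmem(const char *path, off_t phys, int *err_out)
{
    unsigned char buf[16];
    ssize_t rc = -1;
    int fd = open(path, O_RDONLY);

    if (fd < 0) {                    /* device missing or open refused */
        *err_out = errno;
        return DEVMEM_INCONCLUSIVE;  /* says nothing about the read filter */
    }
    if (lseek(fd, phys, SEEK_SET) != (off_t)-1)
        rc = read(fd, buf, sizeof buf);
    *err_out = rc < 0 ? errno : 0;
    close(fd);
    return classify_read(rc, *err_out);
}

int main(void)
{
    static const char *names[] = { "denied", "readable", "inconclusive" };
    /* Offsets are assumptions: one below 1 MB, two at or above it. */
    const off_t offs[] = { 0x1000, 0x100000, 0x1000000 };
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++) {
        int err = 0;
        enum verdict v = probe_devmem("/dev/mem", offs[i], &err);
        printf("0x%08llx: %s (%s)\n", (unsigned long long)offs[i],
               names[v], err ? strerror(err) : "ok");
    }
    return 0;
}
```

Run it as root: a failure at open() is reported as inconclusive because it reflects device permissions or capabilities, not the per-address filtering the option is expected to provide.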