From: Andi Kleen <andi@firstfloor.org>
To: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Cc: Robert Hancock <hancockrwd@gmail.com>,
"Anton D. Kachalov" <mouse@mayc.ru>,
linux-kernel@vger.kernel.org
Subject: Re: Reading /dev/mem by dd
Date: Thu, 12 Nov 2009 17:44:32 +0100
Message-ID: <878web7kwf.fsf@basil.nowhere.org>
In-Reply-To: <20091112021209.GA21625@khazad-dum.debian.net> (Henrique de Moraes Holschuh's message of "Thu, 12 Nov 2009 00:12:09 -0200")

Henrique de Moraes Holschuh <hmh@hmh.eng.br> writes:
>
> We should. Imaging /dev/mem is one of the oldest tricks in the book of the
> forensics people, they do it to live systems to help track down WTF happened
> to a compromised host. This kind of crap bites them hard.

It seems more like a case of hurting themselves.

>
> IMO: if you're going to provide /dev/mem, make it as safe as possible.

That would also make it useless for people who want to access MMIO using
/dev/mem. Which is a lot of programs.

-Andi
--
ak@linux.intel.com -- Speaking for myself only.