From: Andi Kleen <andi@firstfloor.org>
To: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Cc: Robert Hancock <hancockrwd@gmail.com>,
"Anton D. Kachalov" <mouse@mayc.ru>,
linux-kernel@vger.kernel.org
Subject: Re: Reading /dev/mem by dd
Date: Thu, 12 Nov 2009 17:44:32 +0100
Message-ID: <878web7kwf.fsf@basil.nowhere.org>
In-Reply-To: <20091112021209.GA21625@khazad-dum.debian.net> (Henrique de Moraes Holschuh's message of "Thu, 12 Nov 2009 00:12:09 -0200")

Henrique de Moraes Holschuh <hmh@hmh.eng.br> writes:

>
> We should. Imaging /dev/mem is one of the oldest tricks in the book of the
> forensics people, they do it to live systems to help track down WTF happened
> to a compromised host. This kind of crap bites them hard.

It seems more like a case of hurting themselves.

>
> IMO: if you're going to provide /dev/mem, make it as safe as possible.

That would also make it useless for people who want to access MMIO using
/dev/mem. Which is a lot of programs.

-Andi

--
ak@linux.intel.com -- Speaking for myself only.