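A new option for /dev/mem in Linux kernel 2.6.27
Today I was swapping the kernel on a machine and downloaded the latest 2.6.27 to take a look. I found that the kernel hacking menu now has a "Filter access to /dev/mem" option. It is a nice feature; once the major distributions ship this kernel version, people will have to come up with other ways to install rootkits. (I am not sure exactly which version added this feature.) The text below is not pretty to look at, so bear with it.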
If this option is disabled, you allow userspace (root) access to all of memory, including kernel and userspace memory. Accidental access to this is obviously disastrous, but specific access can be used by people debugging the kernel. Note that with PAT support enabled, even in this case there are restrictions on /dev/mem use due to the cache aliasing requirements.

If this option is switched on, the /dev/mem file only allows userspace access to PCI space and the BIOS code and data regions. This is sufficient for dosemu and X and all common users of /dev/mem.

If in doubt, say Y.
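To audit whether a given kernel was built with this filter, the following added example (not part of the original post) reads a kernel config file and reports the option's state. It assumes the menu entry corresponds to the symbol CONFIG_STRICT_DEVMEM, with CONFIG_NONPROMISC_DEVMEM as an earlier name; neither name appears in the post, and the function name is hypothetical.

```shell
#!/bin/sh
# Report the state of the "Filter access to /dev/mem" option in a kernel config.
# Assumption (not from the post): the Kconfig symbol is CONFIG_STRICT_DEVMEM,
# and an earlier name for the same option is CONFIG_NONPROMISC_DEVMEM.
#
# Usage: devmem_filter_state /boot/config-"$(uname -r)"
#        devmem_filter_state /proc/config.gz
# Prints enabled | disabled | absent | unreadable
# Returns 0       1          2        3

devmem_filter_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 3; }

    # /proc/config.gz and some shipped configs are gzip-compressed.
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac

    for sym in CONFIG_STRICT_DEVMEM CONFIG_NONPROMISC_DEVMEM; do
        # "=y" means the filter is compiled in.
        if $reader "$cfg" | grep -q "^$sym=y\$"; then
            echo "enabled"; return 0
        fi
        # Kconfig writes disabled booleans as a comment line.
        if $reader "$cfg" | grep -q "^# $sym is not set\$"; then
            echo "disabled"; return 1
        fi
    done

    # Neither symbol is mentioned: the kernel predates the option
    # (or the architecture does not offer it), so /dev/mem is unfiltered.
    echo "absent"; return 2
}
```

Treat both "disabled" and "absent" as findings: in either case root can read and write all of physical memory through /dev/mem.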