On 30.03.2017 20:44, Laura Abbott wrote:
On 03/30/2017 10:37 AM, Kees Cook wrote:
Reads out of /dev/mem should be restricted to non-RAM on Fedora, yes?
Tommi, do your kernels have CONFIG_STRICT_DEVMEM=y ?
-Kees
CONFIG_STRICT_DEVMEM should be on in all Fedora kernels.
Yes, the fedora kernels do have it enabled:
$ grep STRICT_DEVMEM /boot/config-4.9.14-200.fc25.x86_64
CONFIG_STRICT_DEVMEM=y
CONFIG_IO_STRICT_DEVMEM=y
But I do not have it in my own build:
$ grep STRICT_DEVMEM .config
# CONFIG_STRICT_DEVMEM is not set
-Tommi
