Carlos Guru
Joined: 07 Aug 2002 Posts: 458 Location: Providence, RI
Posted: Sat Aug 10, 2002 12:28 pm Post subject: "cat /dev/mem >> /dev/null": Operation not p
I want my user account to have access to /dev/mem so I can use DGA under Wine and I don't want to log in as root to do that. I know that I have the permissions and read/write access set properly, because once I got them right I started getting "Operation not permitted" errors instead of "Permission denied" errors. I've tried restarting the shell, logging off, etc. Is this because of some kind of security feature in the kernel? I haven't turned grsecurity on or installed LIDS or anything of the sort; what could be preventing me from accessing /dev/mem? Any help would be appreciated.

Carlos Guru
Joined: 07 Aug 2002 Posts: 458 Location: Providence, RI
Posted: Sun Sep 15, 2002 12:39 am Post subject: kernel hack
If anyone wants to know how to access /dev/mem, I figured it out. Basically, for a user to access /dev/mem he needs to have the RAW_SYS_IO capability, but I had no idea how to do that, so I hacked mem.c in the kernel so that it would always return true when checking if the user had the correct capability. If anyone wants me to post more specifics, just go ahead and message me and I'll try to figure it out again.

rac Bodhisattva
Joined: 30 May 2002 Posts: 6553 Location: Japanifornia
Posted: Sun Sep 15, 2002 4:26 am Post subject:
Couldn't you just change the permissions in /etc/devfsd.conf?
_________________
For every higher wall, there is a taller ladder

Carlos Guru
Joined: 07 Aug 2002 Posts: 458 Location: Providence, RI
Posted: Sun Sep 15, 2002 12:24 pm Post subject:
You can do that? I'm pretty sure it wasn't just a permission issue, because I made sure I was in the mem group that was the owner of /dev/mem, and also because I got "Operation not permitted" instead of "Permission denied". What could I have changed in /etc/devfsd.conf to accomplish the same thing?

arkane l33t
Joined: 30 Apr 2002 Posts: 918 Location: Phoenix, AZ
Posted: Sun Sep 15, 2002 6:24 pm Post subject:
Perhaps posting the permissions would be better than just saying it's not a permissions issue.

rac Bodhisattva
Joined: 30 May 2002 Posts: 6553 Location: Japanifornia
Posted: Sun Sep 15, 2002 9:33 pm Post subject:
Actually, I think Carlos is right. /dev/mem is protected by capabilities, above and beyond filesystem permissions. Carlos, if you are interested, the LIDS project has some more information on capabilities, including information on a tool that can be used to grant particular capabilities to particular programs. You could use LIDS to specify that certain programs have CAP_SYS_RAWIO.
_________________
For every higher wall, there is a taller ladder

Carlos Guru
Joined: 07 Aug 2002 Posts: 458 Location: Providence, RI
Posted: Wed Nov 06, 2002 11:54 pm Post subject: Since someone asked me,
This is what I did:
In my Gentoo sources 2.4.19-r9 code, there's a part in mem.c that looks like this:
Code:
static int open_port(struct inode * inode, struct file * filp)
{
    return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
}
Basically, if you replace "capable(CAP_SYS_RAWIO)" with 1, or just change the whole line to "return true;", you'll always be able to read and write /dev/mem as long as you have permission to do so as well.
_________________
Man must shape his tools lest they shape him.
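The two error messages discussed in this thread come from two different layers: file permissions on /dev/mem, and the CAP_SYS_RAWIO check in open_port(). As an added diagnostic example (not code from any poster or from the kernel), the program below reports which layer refused the open and whether the calling process holds the capability, without touching the kernel check. The function names capeff_has and refusing_layer are this example's own, and bit number 17 is the value of CAP_SYS_RAWIO in <linux/capability.h>.

```c
/* Added example: diagnose a failed open("/dev/mem"). Helper names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define RAWIO_BIT 17  /* value of CAP_SYS_RAWIO in <linux/capability.h> */

/* Return 1 if the CapEff mask in a /proc/<pid>/status text has bit `cap`
 * set, 0 if it is clear, -1 if no CapEff line was found. */
int capeff_has(const char *status, int cap)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            unsigned long long mask = strtoull(p + 7, NULL, 16);
            return (int)((mask >> cap) & 1ULL);
        }
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* Map the errno from a failed open() to the layer that refused it. */
const char *refusing_layer(int err)
{
    switch (err) {
    case EACCES: return "file permissions";   /* "Permission denied" */
    case EPERM:  return "capability check";   /* "Operation not permitted" */
    default:     return "other";
    }
}

int main(void)
{
    char buf[4096] = "";
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { buf[fread(buf, 1, sizeof buf - 1, f)] = '\0'; fclose(f); }
    printf("CAP_SYS_RAWIO effective: %d\n", capeff_has(buf, RAWIO_BIT));

    int fd = open("/dev/mem", O_RDONLY);
    if (fd < 0)
        printf("open failed: %s (%s)\n", strerror(errno), refusing_layer(errno));
    else { puts("open succeeded"); close(fd); }
    return 0;
}
```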