On Fri, 5 May 2000, Tigran Aivazian wrote:
> On Fri, 5 May 2000, Michal Kosek wrote:
> > I want to learn something about using of /dev/kmem.
>
> The idea of /dev/kmem is that file "offsets" in it correspond to kernel
> virtual addresses, so seeking to the addresses of "well-known" symbols and
> reading values off there gives you the values of kernel data
> structures. Of course, these values are not 100% self-consistent because
> the kernel data structures change while you are reading/writing them.
Yes, but how can I know what is offset of any specific structure I want to
read??
>
> Linux version of /dev/kmem has one limitation - you cannot write to
> vmalloc'd range of addresses but you can read from them. Amit Kale (of
> VERITAS) solved this problem and sent a patch so if you need this ability
> - look for it in archives.
Does it mean that even if I left /dev/kmem world-writable noone would be
able to do anything with my system????????
>
> As for examples of usage of /dev/kmem - some old (and also non-Linux)
> versions of ps(1) used to use /dev/kmem - nowadays it is much better to
> access kernel data structures via well-defined interfaces exported by
> /proc.
Yes, but as I wrote in my previous mail: using /dev/kmem for process list
may be useful in finding some well-hidden backdoors - so I'd like to know
how to do it...
-- Michal Kosek You should pay homage to my homepage http://www.v-lo.krakow.pl/klasa4e/dziady3.html (For Polish Linux lovers - rest won't understand...;)- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri May 05 2000 - 08:08:10 EDT