I understand that /dev/kmem
and /dev/mem
provide access to the memory (i.e. raw RAM) of the system. I am also aware, that /dev/kmem
can be completely disabled in kernel and that access can be restricted for /dev/mem
.
It seems to me, having raw access to memory can be useful for developers and hackers, but why should I need access to memory through /dev/mem
. AFAIK it cannot be disabled in kernel (unlike /dev/kmem
). Having access to raw memory that can be potentially abused/exploited seems to me to be just asking for trouble.
Is there some practical use for it? Do any user programs require it to work properly?
Best Answer
There's a slide deck from Scale 7x 2009 titled: Undermining the Linux Kernel: Malicious Code Injection via /dev/mem that contained these 2 bullets.
From everything I've found from search thus far it would appear that these 2 bullets are the front-runners for legitimate uses.
References