- `/dev/mem` should only be accessible by root or whoever you set the permissions to (don't `chmod 777 /dev/mem`).
- root can install device drivers which have full executable run of the system anyway and do anything you can do with this device; this is also true on Windows.
- it's possible to build a Linux kernel without `/dev/mem` support and also without loadable module support (I think), so if your threat model indicates this needs to be addressed it is possible.
> root can install device drivers which have full executable run of the system anyway and do anything you can do with this device; this is also true on Windows.

Oddly enough, no. Or at least last time I tried on Ubuntu I had to disable secure boot. Seemed like an easier way than to sign the build files.
Secure Boot can be configured to also trust user keys. Ubuntu's installer does it automatically if you choose to install it with third-party drivers (like Nvidia). Those user keys are then available to root to sign any DKMS kernel modules.
- read about CONFIG_STRICT_DEVMEM - https://man7.org/linux/man-pages/man4/mem.4.html#:~:text=Sin....
- wait until you hear about `/dev/kmem`.
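
To check the points raised in this thread on a given machine, the sketch below (an added example, not code from any commenter) audits a kernel build config for `/dev/mem`, `/dev/kmem` and module-loading options and checks the device node's ownership and mode. Apart from `CONFIG_STRICT_DEVMEM`, the option names (`CONFIG_DEVMEM`, `CONFIG_DEVKMEM`, `CONFIG_MODULES`, `CONFIG_MODULE_SIG_FORCE`) are not named in the thread, and the sample config is constructed.

```python
import os
import stat

# Constructed sample in the format of a kernel build config file.
SAMPLE_CONFIG = """\
CONFIG_MODULES=y
# CONFIG_MODULE_SIG_FORCE is not set
CONFIG_DEVMEM=y
# CONFIG_STRICT_DEVMEM is not set
CONFIG_DEVKMEM=y
"""

def parse_kconfig(text):
    """Map CONFIG_* names to values; '# CONFIG_X is not set' becomes 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# CONFIG_") and line.endswith(" is not set"):
            opts[line[2:-len(" is not set")]] = "n"
        elif line.startswith("CONFIG_") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def audit_kconfig(opts):
    """Return findings for the memory-device and module options."""
    on = lambda name: opts.get(name, "n") == "y"
    findings = []
    if on("CONFIG_DEVMEM") and not on("CONFIG_STRICT_DEVMEM"):
        findings.append("/dev/mem built in without CONFIG_STRICT_DEVMEM")
    if on("CONFIG_DEVKMEM"):
        findings.append("/dev/kmem built in")
    # Build-config view only: boot-time policy may still enforce signatures.
    if on("CONFIG_MODULES") and not on("CONFIG_MODULE_SIG_FORCE"):
        findings.append("loadable modules without CONFIG_MODULE_SIG_FORCE")
    return findings

def audit_node(mode, uid):
    """Check a device node's st_mode/st_uid: root-owned, no access for 'other'."""
    findings = []
    if uid != 0:
        findings.append("not owned by root")
    if mode & stat.S_IRWXO:
        findings.append("accessible to all users (mode %o)" % stat.S_IMODE(mode))
    return findings

if __name__ == "__main__":
    print(audit_kconfig(parse_kconfig(SAMPLE_CONFIG)))
    for path in ("/dev/mem", "/dev/kmem"):
        if os.path.exists(path):
            st = os.stat(path)
            print(path, audit_node(st.st_mode, st.st_uid) or "ok")
```
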