Device driver development cautions
Device drivers are part of the operating system kernel and as such are unrestricted in their actions. The creation or modification of device drivers is as sensitive as modification of the kernel itself. Unfortunately, users often need to create or modify device drivers. This should only be done with extreme caution.
It is impossible to list every specific caution that applies when writing device drivers, since there are so many ways that drivers (sometimes quite innocently) can subvert the security of the system. The creation of secure device drivers is therefore left largely to the judgment and experience of the designers.
Device drivers should perform nothing more than simple device management. Device drivers created essentially for the purpose of adding new system calls to the system, including many pseudo-device drivers such as those for /dev/kmem, should be considered new system calls and designed accordingly. The guidelines in this section refer principally to those drivers that are legitimate device managers.
You should study standard device drivers before you attempt to create new ones. The principal security actions of device drivers are those involved with the execution of the open and ioctl system calls.
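The following is an added example, not code from the manual or from any real driver: a user-space C model of the security checks a character-device driver performs in its open and ioctl entry points. The device, its command numbers (DEVIOC_READ, DEVIOC_RESET), the struct dev_region argument layout, and the copy_from_caller stand-in for the kernel's copy-from-user routine are all constructed for illustration. It shows the checks the text refers to: refusing a second opener on an exclusive-use device, rejecting unknown commands, requiring privilege for state-changing commands, refusing an argument buffer shorter than the expected structure, and bounds-checking a caller-supplied region in a way that cannot wrap around.

```c
/* User-space model (added example) of the open and ioctl checks a
 * character-device driver must perform. All names, command numbers and
 * the device layout are constructed; a real driver uses the kernel's own
 * entry-point signatures and user-copy routines. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEV_BUF_SIZE 64u

/* Constructed ioctl command numbers for the model device. */
enum { DEVIOC_READ = 1, DEVIOC_RESET = 2 };

/* Argument structure the caller passes for DEVIOC_READ (untrusted). */
struct dev_region { uint32_t offset; uint32_t len; };

struct device {
    int open_count;                 /* exclusive-use: at most one opener */
    uint8_t buf[DEV_BUF_SIZE];      /* device memory exposed via DEVIOC_READ */
};

struct caller { int uid; };        /* uid 0 stands in for privilege */

/* Stand-in for a copy-from-user routine: the caller's buffer must be at
 * least as long as the structure the command expects, else the copy faults. */
static int copy_from_caller(void *dst, const void *src, size_t src_len, size_t n)
{
    if (src == NULL || src_len < n)
        return -EFAULT;
    memcpy(dst, src, n);
    return 0;
}

/* open entry point: refuse a second opener so one process cannot observe
 * or disturb another's use of the device. */
int dev_open(struct device *dev, const struct caller *c)
{
    (void)c;
    if (dev->open_count > 0)
        return -EBUSY;
    dev->open_count++;
    return 0;
}

int dev_close(struct device *dev)
{
    if (dev->open_count > 0)
        dev->open_count--;
    return 0;
}

/* ioctl entry point: every value that comes from the caller is validated
 * before it is used to index device memory or change device state.
 * Returns bytes copied for DEVIOC_READ, 0 on success otherwise, -errno on error. */
int dev_ioctl(struct device *dev, const struct caller *c, unsigned cmd,
              const void *arg, size_t arg_len, uint8_t *out, size_t out_len)
{
    struct dev_region r;
    int rc;

    switch (cmd) {
    case DEVIOC_RESET:
        if (c->uid != 0)            /* state-changing command: privileged only */
            return -EPERM;
        memset(dev->buf, 0, sizeof dev->buf);
        return 0;

    case DEVIOC_READ:
        rc = copy_from_caller(&r, arg, arg_len, sizeof r);
        if (rc)
            return rc;
        /* Bounds check written so that offset + len cannot wrap around:
         * compare len against the space remaining, never against the sum. */
        if (r.offset > DEV_BUF_SIZE || r.len > DEV_BUF_SIZE - r.offset)
            return -EINVAL;
        if (out == NULL || out_len < r.len)   /* copy-to-user would fault */
            return -EFAULT;
        memcpy(out, dev->buf + r.offset, r.len);
        return (int)r.len;

    default:
        return -ENOTTY;             /* unknown command: reject, never guess */
    }
}

int main(void)
{
    struct device d;
    struct caller user = { 1000 };
    struct dev_region bad = { 0xFFFFFFFCu, 8 };   /* would wrap if summed */
    uint8_t out[16];

    memset(&d, 0, sizeof d);
    dev_open(&d, &user);
    printf("wrapping region -> %d (expect %d)\n",
           dev_ioctl(&d, &user, DEVIOC_READ, &bad, sizeof bad, out, sizeof out), -EINVAL);
    return 0;
}
```

The wrap-around check is the detail most often gotten wrong: computing `r.offset + r.len` in 32-bit arithmetic and comparing that against the buffer size lets a large offset wrap to a small sum and pass, after which the copy reads outside the device buffer. Comparing `len` against the space remaining after `offset` avoids the overflow entirely.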