ZDNet had an article entitled "Kernel vulnerability places Samsung devices at risk" and I thought "so, what's new" until I followed the link to the forum post on xda-developers. Then I just lost it because I'm certain that this is a result of plain and simple laziness.
Here are my arguments for why I think it's laziness: First, this is Samsung we're talking about here. This error should have been caught in code review or QA. Second, according to the first post the primary users of /dev/exynos-mem are:
"graphic usage like camera, graphic memory allocation, hdmi. By activating pid display in kmsg, surfaceflinger do mmap on the device (via one of the three shared libraries above ?? I have not seen reference in binary to these libraries)."
Third, the documentation clearly states that "This maps the platforms RAM, and typically maps all platform RAM in a 1:1 relationship." Therefore, I would say that allowing a global read-write of /dev/exynos-mem was a design decision, and the decision was probably made by someone with enough clout in the company to effectively silence anyone who pointed out the obvious error in taking this route.
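An added example, not from the original post or the xda-developers thread: a Python audit that reads `ls -l /dev` output (for instance captured with `adb shell ls -l /dev`) and reports character or block device nodes whose mode grants access to every user, the condition described above for /dev/exynos-mem. The sample listing, its owners and dates, the allowlist and the node name `hypothetical-mem` are constructed assumptions.

```python
import os
import stat

# Constructed sample in the shape of `ls -l /dev` output (not from a real device).
SAMPLE_LISTING = """\
crw-rw-rw- system   graphics   1,  14 2012-12-16 10:00 exynos-mem
crw-rw---- system   graphics   1,   1 2012-12-16 10:00 hypothetical-mem
crw-rw-rw- root     root       1,   3 2012-12-16 10:00 null
drwxr-xr-x root     root              2012-12-16 10:00 socket
crw-rw-r-- system   camera    81,   0 2012-12-16 10:00 video0
"""

# Assumed allowlist: nodes that are world-accessible by design and expose no RAM.
EXPECTED_WORLD_ACCESS = {"null", "zero", "full", "random", "urandom", "tty", "ptmx"}

def parse_line(line):
    """Return (mode_string, name) from one listing line, or None if unparseable."""
    fields = line.split()
    if len(fields) < 2 or len(fields[0]) < 10:
        return None
    # Mode is the first field (ignore a trailing '+' or '.'), name is the last.
    return fields[0][:10], fields[-1]

def world_access(mode_string):
    """Return 'rw', 'r', 'w' or '' from the 'other' permission triplet."""
    other = mode_string[7:10]
    return ("r" if other[0] == "r" else "") + ("w" if other[1] == "w" else "")

def audit(listing, allowlist=EXPECTED_WORLD_ACCESS):
    """List (name, mode, access) for device nodes open to every local user."""
    findings = []
    for line in listing.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[0][0] not in "cb":
            continue  # only character and block devices are of interest
        mode, name = parsed
        access = world_access(mode)
        if access and name not in allowlist:
            findings.append((name, mode, access))
    return findings

def listing_from_path(path="/dev"):
    """Build an equivalent listing from a local directory instead of adb output."""
    names = sorted(os.listdir(path))
    return "\n".join(
        f"{stat.filemode(os.lstat(os.path.join(path, n)).st_mode)} {n}" for n in names)

if __name__ == "__main__":
    for name, mode, access in audit(SAMPLE_LISTING):
        print(f"{name}: {mode} (world access: {access})")
```

Every finding still needs a manual look at what the driver behind the node exposes; the mode bits only show who is allowed to open it.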
Well guess what, security is inconvenient. It gets in the way of getting things done quickly. It'll slow your application down. It'll add to the development effort. It's hard to get it completely right. However, getting inconvenienced beats looking like a dumb idiot.
Cross-posted on Home+Power