On Sat, Nov 6, 2010 at 1:03 PM, Bruce Blinn <bruce.blinn@xxxxxxxxx> wrote:
>>
>> if permissions are 700 or 400 who cares you need root to do
>> either and at that point if it's 400 can't you just chmod 700
>> /dev/kallsyms. or am I missing something here?
>>
> For files in the /proc file system, it is not that simple since they need to
> have a function to handle the write request.
>

Changing the permissions to 400 and removing the function to handle write
requests from the kernel code are two completely different things. That was
not the proposed change, yet an interesting concept. I can see how that may
slow the attack down a little more. Also, even if you did remove the function
from kernel code, the attacker could just insmod their own.

My real question was what types of attacks are we stopping?

Thanks,
John