Rajat
On Sun, Nov 7, 2010 at 11:22 AM, John Mahoney <jmahoney@xxxxxxxx> wrote:
On Sat, Nov 6, 2010 at 1:03 PM, Bruce Blinn <bruce.blinn@xxxxxxxxx> wrote:
>>
>> if permissions are 700 or 400 who cares you need root to do
>> either and at that point if it's 400 can't you just chmod 700
>> /dev/kallsyms. or am I missing something here?
>>
> For files in the /proc file system, it is not that simple since they need to
> have a function to handle the write request.
>
Changing the permissions to 400 and removing the function to handle
write requests from the kernel code are two completely different
things. That was not the proposed change, yet an interesting concept.
I can see how that may slow the attack down a little more. Also even
if you did remove the function from kernel code the attacker could just
insmod their own.
My real question was what types of attacks are we stopping?
Thanks,
John