Home » Mailing list archives » linux-kernel » 2010 » November » 26

Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Ingo Molnar
Subject: Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking
Date: Friday, November 26, 2010 - 12:48 am

* Linus Torvalds <torvalds@linux-foundation.org> wrote:


Sarah,

Does your system boot fine if we make /proc/kallsyms simply an empty file to 
unprivileged users? Something like the (untested ...) patch below.

	Ingo

diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index 6f6d091..d54c993 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -465,7 +465,7 @@ static int s_show(struct seq_file *m, void *p)
 	struct kallsym_iter *iter = m->private;
 
 	/* Some debugging symbols have no name.  Ignore them. */
-	if (!iter->name[0])
+	if (!iter->name[0] || !capable(CAP_SYS_ADMIN))
 		return 0;
 
 	if (iter->module_name[0]) {
--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[PATCH] kernel: make /proc/kallsyms mode 400 to reduce eas ..., Marcus Meissner, (Tue Nov 16, 3:46 am)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Kyle McMartin, (Tue Nov 16, 10:07 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Kyle Moffett, (Tue Nov 16, 10:40 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Kyle Moffett, (Tue Nov 16, 10:41 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Linus Torvalds, (Tue Nov 16, 10:58 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Willy Tarreau, (Tue Nov 16, 11:19 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Ingo Molnar, (Thu Nov 18, 12:31 am)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Ingo Molnar, (Thu Nov 18, 12:48 am)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Sarah Sharp, (Fri Nov 19, 12:19 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Linus Torvalds, (Fri Nov 19, 12:54 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., david, (Fri Nov 19, 12:58 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Linus Torvalds, (Fri Nov 19, 1:04 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Willy Tarreau, (Fri Nov 19, 1:16 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., david, (Fri Nov 19, 1:55 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Kees Cook, (Fri Nov 19, 8:18 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Richard W.M. Jones, (Sat Nov 20, 4:05 am)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Avi Kivity, (Sat Nov 20, 4:32 am)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Pavel Machek, (Tue Nov 23, 10:24 am)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Ingo Molnar, (Fri Nov 26, 12:38 am)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Ingo Molnar, (Fri Nov 26, 12:48 am)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Ingo Molnar, (Fri Nov 26, 12:51 am)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Sarah Sharp, (Mon Nov 29, 9:33 am)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Ingo Molnar, (Mon Nov 29, 11:04 am)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., H. Peter Anvin, (Mon Nov 29, 12:03 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., H. Peter Anvin, (Mon Nov 29, 12:05 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Eric Paris, (Mon Nov 29, 12:21 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., H. Peter Anvin, (Mon Nov 29, 12:38 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Willy Tarreau, (Mon Nov 29, 2:49 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Alan Cox, (Mon Nov 29, 4:31 pm)
Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ..., Ingo Molnar, (Tue Nov 30, 4:58 am)