[PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking

From: Marcus Meissner
Date: Thu Nov 04 2010 - 06:09:24 EST

Next message: Tejun Heo: "Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking"
Previous message: Mattias Wallin: "[PATCH] regulator: lock supply in regulator enable"
Next in thread: Tejun Heo: "Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Making /proc/kallsyms readable only for root makes it harder
for attackers to write generic kernel exploits by removing
one source of knowledge where things are in the kernel.

Signed-off-by: Marcus Meissner <meissner@xxxxxxx>
---
kernel/kallsyms.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index 6f6d091..a8db257 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -546,7 +546,7 @@ static const struct file_operations kallsyms_operations = {

static int __init kallsyms_init(void)
{
- proc_create("kallsyms", 0444, NULL, &kallsyms_operations);
+ proc_create("kallsyms", 0400, NULL, &kallsyms_operations);
return 0;
}
device_initcall(kallsyms_init);
--
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tejun Heo: "Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking"
Previous message: Mattias Wallin: "[PATCH] regulator: lock supply in regulator enable"
Next in thread: Tejun Heo: "Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]