Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking

[H. Peter Anvin]

On 11/04/2010 10:38 AM, Tejun Heo wrote:
> Hello,
>
> On 11/04/2010 03:33 PM, Marcus Meissner wrote:
> > I mean the kernel could hide it from uname, but lsb_release,
> > /etc/redhat-release, /etc/SuSE-release etc still exist and then you
> > can still use the fixed address list table inside your exploit. But an
> > exploits needs to have such a list, making it harder to write.
>
> I do believe that making things more difficult to exploit helps.  Many
> people seem to think it only gives false sense of security tho.
>
> > I also briefly thought about kernel ASLR, but my knowledge of the kernel
> > loading is too limited whether this is even possible or at all useful.
>
> We already have relocatable kernel for kdump and IIRC it doesn't add
> runtime overhead, so putting the kernel at random address shouldn't be
> too difficult.  Not sure how useful that would be tho.

It's very coarse-grained relocation, which is why it works.

	-hpa

P.S. It's not just for kdump anymore.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/