Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking

From: Willy Tarreau
Date: Wed Nov 17 2010 - 01:21:35 EST

Next message: Grant Likely: "Re: [PATCH] of: Request module by alias in of_i2c.c"
Previous message: Dirk Brandewie: "Re: [PATCH 1/5] of: Add support for linking device tree blobs intovmlinux"
In reply to: Linus Torvalds: "Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking"
Next in thread: Ingo Molnar: "Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 16, 2010 at 09:58:44PM -0800, Linus Torvalds wrote:
> So I do think that it's worth closing these "small" holes. Anything
> that makes it more work to attack really _is_ improving things.

We must keep in mind that anything which requires more work as root
for common administration opens new holes. I don't think it's the
case for kallsyms, but I mean we should not try to lock too hard,
otherwise everyone will have a sudoers entry to do his work, and
that's even worse than current situation.

Willy

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Grant Likely: "Re: [PATCH] of: Request module by alias in of_i2c.c"
Previous message: Dirk Brandewie: "Re: [PATCH 1/5] of: Add support for linking device tree blobs intovmlinux"
In reply to: Linus Torvalds: "Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking"
Next in thread: Ingo Molnar: "Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]