Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking

[Avi Kivity]

On 11/17/2010 07:40 AM, Kyle Moffett wrote:
>    (1) For 99%+ of all the computers out there you can get a 90%+
> accurate guess for what kernel is running by looking at the version of
> libc installed on the system.  All you have to do for those computers
> is download a bunch of distro kernels and look at the libc packages
> and build a table of "libc6-SOMEVERSION =>  0xADDRESS", etc.  Because
> of how all the vendors backport and track versions, "SOMEVERSION"
> usually includes something wonderfully helpful like "el5" or "squeeze"
> or whatever.  This does *nothing* for those users, and it's not clear
> that it ever *could*.

Isn't the kernel relocatable these days?  We can randomize the kernel 
load address at boot time and make this information useless.

--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/