2010-11-13 13:10:28

by Gilles Espinasse

Subject: Re: [Security] [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking


----- Original Message -----
From: "Ingo Molnar" <[email protected]>
To: "Willy Tarreau" <[email protected]>
Cc: "Marcus Meissner" <[email protected]>; <[email protected]>;
<[email protected]>; "Peter Zijlstra" <[email protected]>;
<[email protected]>; "H. Peter Anvin" <[email protected]>;
<[email protected]>; <[email protected]>;
<[email protected]>; <[email protected]>; <"Morton
<"@zimbra8-e1.priv.proxad.net>
Sent: Sunday, November 07, 2010 10:08 AM
Subject: Re: [Security] [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking


>
> * Ingo Molnar <[email protected]> wrote:
>
> > If your claim that 'kernel version is needed at many places' is true then why am i seeing this on a pretty general distro box bootup:
> >
> > [root@aldebaran ~]# uname -a
> > Linux aldebaran 2.6.99-tip-01574-g6ba54c9-dirty #1 SMP Sun Nov 7 10:24:38 CET 2010 x86_64 x86_64 x86_64 GNU/Linux
> >
> > ?
> >
> > Yes, some user-space might be unhappy if we set the version _back_ to say 2.4.0,
> > but we could (as the patch below) fuzz up the version information from
> > unprivileged attackers easily.
>
> Btw., with an 'exploit honeypot' and 'version fuzzing' the uname output would look like this to an unprivileged user:
>
> $ uname -a
> Linux aldebaran 2.6.99 x86_64 x86_64 x86_64 GNU/Linux
>
> [ we wouldn't want to include the date or the SHA1 of the kernel, obviously. ]
>
> And it would look like this to root:
>
> # uname -a
> Linux aldebaran 2.6.37-tip-01574-g6ba54c9-dirty #1 SMP Sun Nov 7 10:24:38 CET 2010 x86_64 x86_64 x86_64 GNU/Linux
>
> Ingo

A bit of a late comment:
gesp@a7n8x-e:~$ strings /lib/modules/*/kernel/drivers/scsi/in2000.ko | grep 2010
Sep 16 2010
gesp@a7n8x-e:~$ strings /lib/modules/*/kernel/drivers/char/nozomi.ko | grep 2010
Nozomi driver 2.1d (build date: Sep 16 2010 19:01:27)
gesp@a7n8x-e:~$ uname -a
Linux a7n8x-e 2.6.26-2-686 #1 SMP Thu Sep 16 19:35:51 UTC 2010 i686 GNU/Linux

Shouldn't removing __DATE__ and __TIME__ from module code be considered first?
That would also have the good effect that everyone who compiles the same code
with the same compiler gets exactly the same file.

Gilles
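A check in the spirit of the `strings ... | grep 2010` commands above, added here as an example and not part of the thread: a shell script that scans .ko files for timestamps in the `__DATE__` ("Mmm dd yyyy") and `__TIME__` ("hh:mm:ss") format, so a distribution can see which modules would still reveal the kernel build date even if `uname` output were fuzzed. The sample module files it creates are constructed stand-ins, and the `/lib/modules/$(uname -r)` path is an assumption about where the running kernel's modules live.

```shell
#!/bin/sh
# Added example: find build timestamps that the __DATE__ ("Mmm dd yyyy") and
# __TIME__ ("hh:mm:ss") preprocessor macros embed in kernel modules.
# The sample "modules" created below are constructed, not real .ko files.

# __DATE__ space-pads days 1-9 ("Sep  6 2010"), so allow a space or digit there;
# a __TIME__ stamp, when present, usually follows the date directly in a banner.
DATE_RE='(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ 0-3][0-9] [12][0-9]{3}( [0-2][0-9]:[0-5][0-9]:[0-5][0-9])?'

# Print "file: timestamp" for each embedded build timestamp in the given files.
# grep -a scans binary files as text, so no separate strings(1) pass is needed.
scan_modules() {
    for f in "$@"; do
        grep -a -o -E "$DATE_RE" "$f" 2>/dev/null | sed "s|^|$f: |"
    done
}

# Count the .ko files under a directory that contain at least one timestamp.
count_leaking_modules() {
    find "$1" -name '*.ko' -exec grep -a -l -E "$DATE_RE" '{}' + 2>/dev/null | wc -l
}

# Constructed stand-ins for three cases: __DATE__ and __TIME__ in a version
# banner (like nozomi.ko), __DATE__ alone (like in2000.ko), and a clean module.
make_sample_modules() {
    mkdir -p "$1"
    printf '\177ELF\001\001Nozomi driver 2.1d (build date: Sep 16 2010 19:01:27)\n' > "$1/leaky.ko"
    printf '\177ELF\001\001in2000 version 1.33 Sep 16 2010\n' > "$1/date_only.ko"
    printf '\177ELF\001\001clean driver 1.0 license=GPL\n' > "$1/clean.ko"
}

# Demo: scan the constructed samples, then the running kernel's modules if present.
sample_dir=$(mktemp -d)
make_sample_modules "$sample_dir"
scan_modules "$sample_dir"/*.ko
echo "leaking sample modules: $(count_leaking_modules "$sample_dir")"
rm -rf "$sample_dir"
moddir=/lib/modules/$(uname -r)
if [ -d "$moddir" ]; then
    echo "leaking installed modules under $moddir: $(count_leaking_modules "$moddir")"
fi
```

On a real system, `scan_modules` on the files `count_leaking_modules` flags shows exactly which banner string carries the date, which is the string to drop from the module source.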