Subject: [PATCH 5/7] procfs privacy: /proc/config.gz

This patch changes the permissions of the procfs entry config.gz, thus,
non-root users are restricted from accessing it.

It's also available at:
http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_kernel_configs.c.patch

--
Lorenzo Hern?ndez Garc?a-Hierro <[email protected]>
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]


Attachments:
proc-privacy-1_kernel_configs.c.patch (536.00 B)
signature.asc (189.00 B)
This is a digitally signed message part
Download all attachments

2005-04-18 19:26:01

by Rik van Riel

[permalink] [raw]
Subject: Re: [PATCH 5/7] procfs privacy: /proc/config.gz

On Mon, 18 Apr 2005, Lorenzo Hern?ndez Garc?a-Hierro wrote:

> This patch changes the permissions of the procfs entry config.gz, thus,
> non-root users are restricted from accessing it.

Why?

What is the security benefit of doing this ?

--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan