Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755185Ab0KDKM2 (ORCPT ); Thu, 4 Nov 2010 06:12:28 -0400 Received: from hera.kernel.org ([140.211.167.34]:60468 "EHLO hera.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754907Ab0KDKM0 (ORCPT ); Thu, 4 Nov 2010 06:12:26 -0400 Message-ID: <4CD286E4.8070802@kernel.org> Date: Thu, 04 Nov 2010 11:11:48 +0100 From: Tejun Heo User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6 MIME-Version: 1.0 To: Marcus Meissner CC: linux-kernel@vger.kernel.org, jason.wessel@windriver.com, fweisbec@gmail.com, mort@sgi.com, akpm@osdl.org, security@kernel.org Subject: Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking References: <20101104100914.GC25118@suse.de> In-Reply-To: <20101104100914.GC25118@suse.de> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (hera.kernel.org [127.0.0.1]); Thu, 04 Nov 2010 10:11:50 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 686 Lines: 21 On 11/04/2010 11:09 AM, Marcus Meissner wrote: > Making /proc/kallsyms readable only for root makes it harder > for attackers to write generic kernel exploits by removing > one source of knowledge where things are in the kernel. > > Signed-off-by: Marcus Meissner I can't recall needing /proc/kallsyms when I wasn't root, so unless there's a compelling use case. Acked-by: Tejun Heo Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/