Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752559Ab0KEALy (ORCPT ); Thu, 4 Nov 2010 20:11:54 -0400 Received: from mail-gy0-f174.google.com ([209.85.160.174]:47939 "EHLO mail-gy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751966Ab0KEALu (ORCPT ); Thu, 4 Nov 2010 20:11:50 -0400 MIME-Version: 1.0 In-Reply-To: <4CD286E4.8070802@kernel.org> References: <20101104100914.GC25118@suse.de> <4CD286E4.8070802@kernel.org> Date: Fri, 5 Nov 2010 08:11:49 +0800 X-Google-Sender-Auth: dZ1GbMc6zRf2rRIgg8jMmt5Z9bA Message-ID: Subject: Re: [Security] [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking From: Eugene Teo To: Tejun Heo Cc: Marcus Meissner , security@kernel.org, mort@sgi.com, fweisbec@gmail.com, linux-kernel@vger.kernel.org, jason.wessel@windriver.com, Linus Torvalds Content-Type: text/plain; charset=ISO-8859-1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 821 Lines: 23 On Thu, Nov 4, 2010 at 6:11 PM, Tejun Heo wrote: > On 11/04/2010 11:09 AM, Marcus Meissner wrote: >> Making /proc/kallsyms readable only for root makes it harder >> for attackers to write generic kernel exploits by removing >> one source of knowledge where things are in the kernel. >> >> Signed-off-by: Marcus Meissner > > I can't recall needing /proc/kallsyms when I wasn't root, so unless > there's a compelling use case. > > Acked-by: Tejun Heo Looks good to me too. Acked-by: Eugene Teo Eugene -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/