This patch changes the permissions of the /proc/bus/pci directory entry, so, non-root users are restricted of accessing it's content. It's also available at: http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_drivers_pci_proc.c.patch -- Lorenzo Hernández García-Hierro <[email protected]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
diff -puN drivers/pci/proc.c~proc-privacy-1 drivers/pci/proc.c --- linux-2.6.11/drivers/pci/proc.c~proc-privacy-1 2005-04-17 17:50:49.033817704 +0200 +++ linux-2.6.11-lorenzo/drivers/pci/proc.c 2005-04-17 17:55:11.321943848 +0200 @@ -565,7 +565,7 @@ static struct file_operations proc_pci_o static void legacy_proc_init(void) { - struct proc_dir_entry * entry = create_proc_entry("pci", 0, NULL); + struct proc_dir_entry * entry = create_proc_entry("pci", S_IRUSR, NULL); if (entry) entry->proc_fops = &proc_pci_operations; } @@ -594,7 +594,7 @@ static int __init pci_proc_init(void) { struct proc_dir_entry *entry; struct pci_dev *dev = NULL; - proc_bus_pci_dir = proc_mkdir("pci", proc_bus); + proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR, proc_bus); entry = create_proc_entry("devices", 0, proc_bus_pci_dir); if (entry) entry->proc_fops = &proc_bus_pci_dev_operations;
Attachment:
signature.asc
Description: This is a digitally signed message part
- Follow-Ups:
- Re: [PATCH 1/7] procfs privacy: /proc/bus/pci
- From: Jesper Juhl <[email protected]>
- Re: [PATCH 1/7] procfs privacy: /proc/bus/pci
- Prev by Date: Re: SkyMinder (CLPS711x derivative) - decided to try 2.6.11.7
- Next by Date: [PATCH 2/7] procfs privacy: tasks/processes lookup
- Previous by thread: dbench performance on cifs to Samba
- Next by thread: Re: [PATCH 1/7] procfs privacy: /proc/bus/pci
- Index(es):