This patch changes the permissions of the /proc/net and /proc/bus directory entries so non-root users are restricted from accessing them. It's also available at: http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_fs_proc_root.c.patch -- Lorenzo Hernández García-Hierro <[email protected]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
diff -puN fs/proc/root.c~proc-privacy-1 fs/proc/root.c
--- linux-2.6.11/fs/proc/root.c~proc-privacy-1 2005-04-17 18:02:38.832911840 +0200
+++ linux-2.6.11-lorenzo/fs/proc/root.c 2005-04-17 18:03:59.102708976 +0200
@@ -52,7 +52,7 @@ void __init proc_root_init(void)
return;
}
proc_misc_init();
- proc_net = proc_mkdir("net", NULL);
+ proc_net = proc_mkdir_mode("net", S_IRUSR | S_IXUSR, NULL);
proc_net_stat = proc_mkdir("net/stat", NULL);
#ifdef CONFIG_SYSVIPC
@@ -76,7 +76,7 @@ void __init proc_root_init(void)
#ifdef CONFIG_PROC_DEVICETREE
proc_device_tree_init();
#endif
- proc_bus = proc_mkdir("bus", NULL);
+ proc_bus = proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL);
}
static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry, struct nameidata *nd)
Attachment:
signature.asc
Description: This is a digitally signed message part
- Prev by Date: [PATCH 0/7] procfs privacy
- Next by Date: [PATCH 3/7] procfs privacy: misc. entries
- Previous by thread: [PATCH 0/7] procfs privacy
- Next by thread: [PATCH 3/7] procfs privacy: misc. entries
- Index(es):
 |