This patch changes the permissions of the procfs entry kallsyms, thus, non-root users are restricted from accessing it. It's also available at: http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_kernel_kallsyms.c.patch -- Lorenzo Hernández García-Hierro <[email protected]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
diff -puN kernel/kallsyms.c~proc-privacy-1 kernel/kallsyms.c --- linux-2.6.11/kernel/kallsyms.c~proc-privacy-1 2005-04-17 18:06:01.380119984 +0200 +++ linux-2.6.11-lorenzo/kernel/kallsyms.c 2005-04-17 18:06:27.378167680 +0200 @@ -388,7 +388,7 @@ int __init kallsyms_init(void) { struct proc_dir_entry *entry; - entry = create_proc_entry("kallsyms", 0444, NULL); + entry = create_proc_entry("kallsyms", S_IFREG | S_IRUSR, NULL); if (entry) entry->proc_fops = &kallsyms_operations; return 0;
Attachment:
signature.asc
Description: This is a digitally signed message part
- Prev by Date: Re: intercepting syscalls
- Next by Date: [PATCH 5/7] procfs privacy: /proc/config.gz
- Previous by thread: [PATCH 3/7] procfs privacy: misc. entries
- Next by thread: [PATCH 5/7] procfs privacy: /proc/config.gz
- Index(es):