This patch changes the permissions of the procfs entry config.gz, thus, non-root users are restricted from accessing it. It's also available at: http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_kernel_configs.c.patch -- Lorenzo Hernández García-Hierro <[email protected]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
diff -puN kernel/configs.c~proc-privacy-1 kernel/configs.c --- linux-2.6.11/kernel/configs.c~proc-privacy-1 2005-04-17 18:04:39.281600856 +0200 +++ linux-2.6.11-lorenzo/kernel/configs.c 2005-04-17 18:05:33.478361696 +0200 @@ -89,7 +89,7 @@ static int __init ikconfig_init(void) struct proc_dir_entry *entry; /* create the current config file */ - entry = create_proc_entry("config.gz", S_IFREG | S_IRUGO, + entry = create_proc_entry("config.gz", S_IFREG | S_IRUSR, &proc_root); if (!entry) return -ENOMEM;
Attachment:
signature.asc
Description: This is a digitally signed message part
- Follow-Ups:
- Re: [PATCH 5/7] procfs privacy: /proc/config.gz
- From: Rik van Riel <[email protected]>
- Re: [PATCH 5/7] procfs privacy: /proc/config.gz
- Prev by Date: [PATCH 6/7] procfs privacy: /proc/kallsyms
- Next by Date: [PATCH 7/7] procfs privacy: /proc/iomem & /proc/ioports
- Previous by thread: [PATCH 6/7] procfs privacy: /proc/kallsyms
- Next by thread: Re: [PATCH 5/7] procfs privacy: /proc/config.gz
- Index(es):