> Yeah, we've made that mistake before, and I'm not saying we are perfect
> here, but if we make this world-readable, I think it needs to guarantee it
> doesn't really give any rootkit people any new information.
It will give them at least as reliable an identification of the kernel
binary as the "uname -rv" info if they have access to a set of candidate
known binaries to select from. It's of no direct help at all in getting
anything like kernel addresses. In practice, it is probably no easier for
a rootkit to use than "uname -rv" to pick an exploit for a particular known
distro kernel binary, just easier for legitimate debugging tools. I think
it's not only more harmless than what you might call "past mistakes", but
is actually just plain harmless. But I'm not really one to talk a man out
of his paranoia.
> And yes, I do think normal people shouldn't be able to read the vmlinuz
> binary, the same way they are generally not allowed to read /etc/grub.conf
> etc.
I have no special opinions about that, but I haven't seen an install where
the /boot files were not readable anyway. But certainly in a chroot or
such, you won't have /boot at all but might have /proc and /sys.
All in all, this seems like a question of local policy. Ideally the modes
would be flexibly chosen by admins, or else constrained more precisely by
SELinux policy or suchlike. But I have no axe to grind on the subject with
this particular change. I care more that the feature gets in and at least
root can use it, than about the permissions question.
Thanks,
Roland
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]