Re: /dev/ksyms permissions

To: coypu%sdf.org@localhost, tech-kern%netbsd.org@localhost
Subject: Re: /dev/ksyms permissions
From: Anders Magnusson <ragge%ludd.ltu.se@localhost>
Date: Wed, 17 Jan 2018 19:19:32 +0100

libkvm uses it to get the kernel symbol namelist instead of reading/netbsd for it (originally kvmdb, which was retired when ksyms was added).Programs like ps, netstat etc... uses it to find in-kernel stuff, so youcannot change it to require root privs to be read.Maybe group kmem read, but that might require more elevated privilegesin the programs that uses ksyms.


-- Ragge

Den 2018-01-17 kl. 16:25, skrev coypu%sdf.org@localhost:

This leaks information that unprivileged user probably has no reason to
own:

cat /dev/ksyms > ksyms
readelf -a ksyms |wc -l

    47594

Any strong reason not to apply the following?
Presumably it will have benefits for GENERIC_KASLR, or people with
Intel CPUs :-)

Follow-Ups:
- Re: /dev/ksyms permissions
  - From: maya
- Re: /dev/ksyms permissions
  - From: Mouse

References:
- /dev/ksyms permissions
  - From: coypu

Prev by Date: /dev/ksyms permissions
Next by Date: Re: /dev/ksyms permissions
Previous by Thread: /dev/ksyms permissions
Next by Thread: Re: /dev/ksyms permissions
Indexes:

Home | Main Index | Thread Index | Old Index