tech-kern archive
Re: /dev/ksyms permissions
In article <20180117152524.GA11951%SDF.ORG@localhost>, <coypu%sdf.org@localhost> wrote:
>-=-=-=-=-=-
>
>This leaks information that an unprivileged user probably has no reason to
>own:
>
>> cat /dev/ksyms > ksyms
>> readelf -a ksyms |wc -l
> 47594
>
>Any strong reason not to apply the following?
>Presumably it will have benefits for GENERIC_KASLR, or people with
>Intel CPUs :-)
>
>-=-=-=-=-=-
>
>Index: MAKEDEV.tmpl
>===================================================================
>RCS file: /cvsroot/src/etc/MAKEDEV.tmpl,v
>retrieving revision 1.189
>diff -u -r1.189 MAKEDEV.tmpl
>--- MAKEDEV.tmpl 9 Jan 2018 03:31:14 -0000 1.189
>+++ MAKEDEV.tmpl 17 Jan 2018 15:19:04 -0000
>@@ -933,7 +933,7 @@
> mkdev full c %mem_chr% 11 666
> mkdev zero c %mem_chr% 12 666
> mkdev klog c %log_chr% 0 600
>- mkdev ksyms c %ksyms_chr% 0 444
>+ mkdev ksyms c %ksyms_chr% 0 400
> mkdev random c %rnd_chr% 0 444
> mkdev urandom c %rnd_chr% 1 644
> if ! $fdesc_mounted; then
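Review bot: at the `mkdev ksyms` line, mode 400 with no group argument leaves the node readable by its owner only, so any non-root program that opens /dev/ksyms for symbol lookup stops working. The commit message should say which consumers were checked, or the line should keep a group read bit for a privileged group rather than dropping straight from 444 to 400. The neighbouring `klog` entry at 600 is a reasonable precedent for restricting kernel-information nodes. MAKEDEV.tmpl only affects nodes created after the change, so an existing /dev/ksyms stays 444 until MAKEDEV is rerun or the node is chmod'ed, which deserves a line in the upgrade notes.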
Perhaps 440 $g_kmem, if you don't want to break the world :-)
christos