Re: /dev/ksyms permissions

To: tech-kern%NetBSD.org@localhost
Subject: Re: /dev/ksyms permissions
From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Wed, 17 Jan 2018 14:03:03 -0500 (EST)

> libkvm uses it to get the kernel symbol namelist instead of reading
> /netbsd for it (originally kvmdb, which was retired when ksyms was
> added).  Programs like ps, netstat etc... uses it to find in-kernel
> stuff, so you cannot change it to require root privs to be read.

But the symbol values are useless except for reading kernel memory (and
kernel-side debugging, which latter I think we can assume can assume
root access for).  So I see no harm changing /dev/ksyms to be 440
root:kmem.  (I don't _like_ it, and would configure my own systems
otherwise, but that's for much the same reasons I dislike kaslr, which
are fairly specific to my use aptterns.)

> Maybe group kmem read, but that might require more elevated
> privileges in the programs that uses ksyms.

What program uses ksyms now that doesn't require at least group kmem?

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Follow-Ups:
- Re: /dev/ksyms permissions
  - From: Anders Magnusson

References:
- /dev/ksyms permissions
  - From: coypu
- Re: /dev/ksyms permissions
  - From: Anders Magnusson

Prev by Date: Re: /dev/ksyms permissions
Next by Date: Re: /dev/ksyms permissions
Previous by Thread: Re: /dev/ksyms permissions
Next by Thread: Re: /dev/ksyms permissions
Indexes:

Home | Main Index | Thread Index | Old Index