This should definitely be a post-install fix. -- thorpej Sent from my iPhone.
> On Jul 21, 2018, at 9:58 AM, Thomas Klausner <[email protected]> wrote: > > Is this something that we should let postinstall fix? > Or what is the upgrade strategy for the users not reading source-changes? > Thomas > >> On Sat, Jul 21, 2018 at 07:46:57AM +0000, Maxime Villard wrote: >> Module Name: src >> Committed By: maxv >> Date: Sat Jul 21 07:46:56 UTC 2018 >> >> Modified Files: >> src/etc: MAKEDEV.tmpl >> >> Log Message: >> Create /dev/ksyms as "440 $g_kmem". This prevents unprivileged users from >> reading the kernel symbols. Discussed in January 2018 on tech-kern@, >> reported by maya@, tested by tih@. >> >> >> To generate a diff of this commit: >> cvs rdiff -u -r1.190 -r1.191 src/etc/MAKEDEV.tmpl >> >> Please note that diffs are not public domain; they are subject to the >> copyright notices on the relevant files. >> > >> Modified files: >> >> Index: src/etc/MAKEDEV.tmpl >> diff -u src/etc/MAKEDEV.tmpl:1.190 src/etc/MAKEDEV.tmpl:1.191 >> --- src/etc/MAKEDEV.tmpl:1.190 Sun May 20 14:08:33 2018 >> +++ src/etc/MAKEDEV.tmpl Sat Jul 21 07:46:56 2018 >> @@ -1,5 +1,5 @@ >> #!/bin/sh - >> -# $NetBSD: MAKEDEV.tmpl,v 1.190 2018/05/20 14:08:33 thorpej Exp $ >> +# $NetBSD: MAKEDEV.tmpl,v 1.191 2018/07/21 07:46:56 maxv Exp $ >> # >> # Copyright (c) 2003,2007,2008 The NetBSD Foundation, Inc. >> # All rights reserved. >> @@ -940,7 +940,7 @@ std) >> mkdev full c %mem_chr% 11 666 >> mkdev zero c %mem_chr% 12 666 >> mkdev klog c %log_chr% 0 600 >> - mkdev ksyms c %ksyms_chr% 0 444 >> + mkdev ksyms c %ksyms_chr% 0 440 $g_kmem >> mkdev random c %rnd_chr% 0 444 >> mkdev urandom c %rnd_chr% 1 644 >> if ! $fdesc_mounted; then >> >
