A better option would have been to not expose this file at all and make it a kernel config option, and the user should turn it on by understanding any security risk (if they consider it a risk).
Rajat

On Sun, Nov 7, 2010 at 11:22 AM, John Mahoney <[email protected]> wrote:

> On Sat, Nov 6, 2010 at 1:03 PM, Bruce Blinn <[email protected]> wrote:
> >>
> >> if permissions are 700 or 400 who cares you need root to do
> >> either and at that point if it's 400 can't you just chmod 700
> >> /dev/kallsyms. or am I missing something here?
> >>
> > For files in the /proc file system, it is not that simple since they need to
> > have a function to handle the write request.
> >
>
> Changing the permissions to 400 and removing the function to handle
> write requests from the kernel code are two completely different
> things. That was not the proposed change, yet an interesting concept.
> I can see how that may slow the attack down a little more. Also even
> if you did remove the function from kernel code the attacker could just
> insmod their own.
>
> My real question was what types of attacks are we stopping?
>
> Thanks,
> John
