This leaks information that unprivileged user probably has no reason to
own:
> cat /dev/ksyms > ksyms
> readelf -a ksyms |wc -l
47594
Any strong reason not to apply the following?
Presumably it will have benefits for GENERIC_KASLR, or people with
Intel CPUs :-)
Index: MAKEDEV.tmpl
===================================================================
RCS file: /cvsroot/src/etc/MAKEDEV.tmpl,v
retrieving revision 1.189
diff -u -r1.189 MAKEDEV.tmpl
--- MAKEDEV.tmpl 9 Jan 2018 03:31:14 -0000 1.189
+++ MAKEDEV.tmpl 17 Jan 2018 15:19:04 -0000
@@ -933,7 +933,7 @@
mkdev full c %mem_chr% 11 666
mkdev zero c %mem_chr% 12 666
mkdev klog c %log_chr% 0 600
- mkdev ksyms c %ksyms_chr% 0 444
+ mkdev ksyms c %ksyms_chr% 0 400
mkdev random c %rnd_chr% 0 444
mkdev urandom c %rnd_chr% 1 644
if ! $fdesc_mounted; then
