libkvm uses it to get the kernel symbol namelist instead of reading
/netbsd for it (originally kvmdb, which was retired when ksyms was added).
Programs like ps, netstat etc... uses it to find in-kernel stuff, so you
cannot change it to require root privs to be read.
Maybe group kmem read, but that might require more elevated privileges
in the programs that uses ksyms.
-- Ragge
Den 2018-01-17 kl. 16:25, skrev [email protected]:
This leaks information that unprivileged user probably has no reason to
own:
cat /dev/ksyms > ksyms
readelf -a ksyms |wc -l
47594
Any strong reason not to apply the following?
Presumably it will have benefits for GENERIC_KASLR, or people with
Intel CPUs :-)
