In article <[email protected]>, <[email protected]> wrote: >-=-=-=-=-=- > >This leaks information that unprivileged user probably has no reason to >own: > >> cat /dev/ksyms > ksyms >> readelf -a ksyms |wc -l > 47594 > >Any strong reason not to apply the following? >Presumably it will have benefits for GENERIC_KASLR, or people with >Intel CPUs :-) > >-=-=-=-=-=- > >Index: MAKEDEV.tmpl >=================================================================== >RCS file: /cvsroot/src/etc/MAKEDEV.tmpl,v >retrieving revision 1.189 >diff -u -r1.189 MAKEDEV.tmpl >--- MAKEDEV.tmpl 9 Jan 2018 03:31:14 -0000 1.189 >+++ MAKEDEV.tmpl 17 Jan 2018 15:19:04 -0000 >@@ -933,7 +933,7 @@ > mkdev full c %mem_chr% 11 666 > mkdev zero c %mem_chr% 12 666 > mkdev klog c %log_chr% 0 600 >- mkdev ksyms c %ksyms_chr% 0 444 >+ mkdev ksyms c %ksyms_chr% 0 400 > mkdev random c %rnd_chr% 0 444 > mkdev urandom c %rnd_chr% 1 644 > if ! $fdesc_mounted; then
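
Review bot: the new mode on the ksyms line, 400, drops read access for group as well as for other, and the mkdev call names no group, so every non-root reader of /dev/ksyms loses access at once. If any non-root consumer needs the symbol table, a group-readable mode with a dedicated group would close the world-readable leak without that breakage. Two further points: the change is to MAKEDEV.tmpl only, so device nodes already created with 444 keep that mode until they are recreated or chmod'ed, and a one-line comment above the entry saying why ksyms is restricted (kernel symbol addresses, relevant to GENERIC_KASLR) would keep the mode from being relaxed again later.
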
Perhaps 440 $g_kmem, if you don't want to break the world :-)

christos
