On Wed, 22 Jan 2020 14:55:08 -0700, "Theo de Raadt" wrote:

> You can see where an object would be, but you can't read the object.
> This is unlike dt where you can see the object and via parameter
> inspection deeply reason about the value placed at object addresses.
>
> However, the permissions look good:
>
> -rwx------  1 root  wheel  18480588 Jan 21 08:22 /bsd*
> crw-r-----  1 root  kmem    50,   0 Jan 14 23:39 /dev/ksyms
>
> We don't have any setgid kmem programs anymore, so the disclosure
> is limited to root who can read the kernel.

Right, /dev/ksyms doesn't have any data that is not also in /bsd
and, for the most part, /var/db/kvm_bsd.db.  It doesn't make sense
to make access to /dev/ksyms much stricter than access to the others.

 - todd
