| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Nov 2010 18:40:34 -0800 From: Kees Cook <kees.cook@...onical.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Andy Walls <andy@...verblocksystems.net>, linux-kernel@...r.kernel.org, sarah.a.sharp@...ux.intel.com Subject: Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking On Fri, Nov 19, 2010 at 03:22:00PM -0800, Linus Torvalds wrote: > In this case, the upside just wasn't big enough to accept _any_ > breakage, especially since people and distributions can just do the > "chmod" themselves if they want to. There was a lot of discussion > whether the patch should even go in in the first place. So this time, > the "let's just revert it" was a very easy decision for me. The downside is that /proc can be remounted multiple times for different containers, etc. Having to patch everything that mounts /proc to do the chmod seems much more painful that fixing a simple userspace bug in an old klog daemon. (For example, rsyslogd handles this fine since it's root to open it, and even if it fails, it doesn't do the broken fclose().) -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists