Message-Id: <20070711205120.396CD4D0555@magilla.localdomain>
Date:	Wed, 11 Jul 2007 13:51:20 -0700 (PDT)
From:	Roland McGrath <roland@...hat.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 6/7] Add /sys/kernel/notes

[I'd meant to send that from roland@...hat.com, so please correct any
followups.]

> Umm. You seem to make it readable by everybody. That's a mistake, I think. 
> I don't know if there is anything security-conscious there, but just on 
> general principles, I don't think we really would want normal users 
> reading kernel configuration info, no?

What I expect to find in notes I'd call kernel version and identification
info, not configuration info.  I don't think it's likely to be any more
revealing than "uname -v".  The main use I have in mind is to check
exactly which kernel binary you have, though indeed that is only of any
use to someone who can do something with kernel addresses and such.  It
is probably a lot less revealing on its own than /proc/config.gz or
/proc/kallsyms, which are world-readable.

It hadn't really occurred to me that the kernel binary would be
deliberately hidden from the user.  If you are doing that, indeed
/sys/kernel/notes is of no use to the user and you probably want to hide
it too.  Still, I think it is more useful that the default be to let an
unprivileged user see this as they can see /proc/kallsyms.  Both are
useful for the same sorts of things, i.e. making sense of kernel
addresses from oops logs or whatnot.  /sys/kernel/notes will be a part of
"eu-addr2line -k 0x12345" being reliable and automatic, for example (it
already works now with kernel-debuginfo installed, but this will help it
reliably figure out if you botched the install or something).


Thanks,
Roland
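
Added example, not part of the original message or the patch: a small Python audit helper that reports whether /sys/kernel/notes is world-readable and decodes what an unprivileged reader would see there. It assumes the file holds raw ELF note records (three 32-bit header words, then name and descriptor each padded to 4 bytes) in native byte order; the GNU build-id note type and the embedded sample bytes are not from the thread, and the sample is constructed.

```python
import os
import stat
import struct

NOTES_PATH = "/sys/kernel/notes"   # path named in the thread
NT_GNU_BUILD_ID = 3                # value from <elf.h>; not mentioned in the thread

def parse_notes(blob, endian="="):
    """Yield (owner, type, desc) for each ELF note record in blob."""
    off = 0
    while off + 12 <= len(blob):
        namesz, descsz, ntype = struct.unpack_from(endian + "III", blob, off)
        off += 12
        name_end = off + namesz
        desc_off = (name_end + 3) & ~3          # name is padded to 4 bytes
        desc_end = desc_off + descsz
        if desc_end > len(blob):
            raise ValueError("truncated note at offset %d" % (off - 12))
        owner = blob[off:name_end].rstrip(b"\0").decode("ascii", "replace")
        yield owner, ntype, blob[desc_off:desc_end]
        off = (desc_end + 3) & ~3               # desc is padded to 4 bytes

def world_readable(path):
    """True if 'other' users have read permission on path."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

def describe(blob, endian="="):
    """Return one human-readable line per note record."""
    lines = []
    for owner, ntype, desc in parse_notes(blob, endian):
        known = (owner, ntype) == ("GNU", NT_GNU_BUILD_ID)
        label = "build-id" if known else "type %d" % ntype
        lines.append("%s %s: %s" % (owner, label, desc.hex()))
    return lines

def make_note(owner, ntype, desc, endian="<"):
    """Build one note record; used only for the constructed sample."""
    name = owner.encode() + b"\0"
    pad = lambda b: b + b"\0" * (-len(b) % 4)
    return struct.pack(endian + "III", len(name), len(desc), ntype) + pad(name) + pad(desc)

# Constructed sample (little-endian), not real kernel data.
SAMPLE = make_note("GNU", 3, bytes(range(20))) + make_note("Demo", 1, b"abcde")

if __name__ == "__main__":
    if os.path.exists(NOTES_PATH):
        print("world-readable:", world_readable(NOTES_PATH))
        with open(NOTES_PATH, "rb") as f:
            print("\n".join(describe(f.read())))
    else:
        print("\n".join(describe(SAMPLE, "<")))
```

On a system without /sys/kernel/notes the script falls back to the constructed sample.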