| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20101104135802.GA31416@elte.hu> Date: Thu, 4 Nov 2010 14:58:02 +0100 From: Ingo Molnar <mingo@...e.hu> To: Marcus Meissner <meissner@...e.de> Cc: linux-kernel@...r.kernel.org, jason.wessel@...driver.com, fweisbec@...il.com, tj@...nel.org, mort@....com, akpm@...l.org, security@...nel.org, Andrew Morton <akpm@...ux-foundation.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Thomas Gleixner <tglx@...utronix.de>, "H. Peter Anvin" <hpa@...or.com> Subject: Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking * Marcus Meissner <meissner@...e.de> wrote: > On Thu, Nov 04, 2010 at 12:46:48PM +0100, Ingo Molnar wrote: > > > > * Marcus Meissner <meissner@...e.de> wrote: > > > > > Hi, > > > > > > Making /proc/kallsyms readable only for root makes it harder for attackers to > > > write generic kernel exploits by removing one source of knowledge where things are > > > in the kernel. > > > > Cc:-ed Linus - i think he argued in favor of such a patch in the past. > > > > I generally agree with such patches (i have written some myself), but there's a few > > questions with this one, which make this limited change ineffective and which make > > it harder to implement a fuller patch that makes it truly harder to figure out the > > precise kernel build: > > > > - The real security obstruction effect is very small from this measure alone: the > > overwhelming majority of our users are running distro kernels, so the Symbol.map > > file (and hence 99% of /proc/kallsyms content) is well-known - unless we also > > restrict 'uname -r' from nonprivileged users-ace. Hiding that might make sense - > > but the two should be in one patch really. > > Of course. System.map and others also need to turn to mode 400. That is not what I meant, at all. It's not the System.map _on the system_. It's the SuSE or Fedora kernel rpm package with a System.map in it, which package the attacker can download from a hundred mirrors on the internet, based on 'uname -r' output. You cannot obfuscate the System.map of a distro kernel without obfuscating all identification info. (Note that even the pure size of the System.map might tell a kernel rpm version from another ...) Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists