| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4CD36E41.50505@am.sony.com> Date: Thu, 4 Nov 2010 19:38:57 -0700 From: Frank Rowand <frank.rowand@...sony.com> To: Marcus Meissner <meissner@...e.de> CC: Ingo Molnar <mingo@...e.hu>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "jason.wessel@...driver.com" <jason.wessel@...driver.com>, "fweisbec@...il.com" <fweisbec@...il.com>, "tj@...nel.org" <tj@...nel.org>, "mort@....com" <mort@....com>, "akpm@...l.org" <akpm@...l.org>, "security@...nel.org" <security@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Thomas Gleixner <tglx@...utronix.de>, "H. Peter Anvin" <hpa@...or.com> Subject: Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking On 11/04/10 05:29, Marcus Meissner wrote: > On Thu, Nov 04, 2010 at 12:46:48PM +0100, Ingo Molnar wrote: >> >> * Marcus Meissner <meissner@...e.de> wrote: >> >>> Hi, >>> >>> Making /proc/kallsyms readable only for root makes it harder for attackers to >>> write generic kernel exploits by removing one source of knowledge where things are >>> in the kernel. < snip > >> So what does a distribution like Suse expect from this change alone? Those have >> public packages in rpms which can be downloaded by anyone, so it makes little sense >> to hide it - unless _all_ version information is hidden. > > It is the first patch, mostly an acceptance test balloon. > > There are several other files handing information out, but kallsyms has > it all very nice and ready. > > (timer_list, /proc/*/stat*, sl?binfo ) > >> So i'd like to see a _full_ version info sandboxing patch that thinks through all >> the angles and restricts uname -r kernel version info as well, and makes dmesg >> unaccessible to users - and closes a few other information holes as well that give >> away the exact kernel version - _that_ together will make it hard to blindly attack >> a very specific kernel version. > > I am personally thinking of a "small steps" philosophy, one step after the other. < snip > The idea of trying to hide the kernel version is absurd. The number of different places that can provide a precise fingerprint of a kernel version, or a small range of possible kernel versions is immense. Closing all of those places makes use and administration of a system more difficult, and encourages frequent use of su. Dumb examples of version clues (beyond the obvious simple ones): $ gcc -v Target: x86_64-redhat-linux gcc version 4.4.4 20100630 (Red Hat 4.4.4-10) (GCC) $ rpm -qi gcc Release : 10.fc13 Build Date: Wed Jun 30 02:54:10 2010 $ rpm -qi kernel Version : 2.6.33.3 Vendor: Fedora Project Release : 85.fc13 Build Date: Thu May 6 11:35:36 2010 $ ls -l /lib64 $ ls -l /boot $ lsmod -Frank -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists