[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTikgb96oJCrF-5sBPMUTiNPbCMEGUkuGxAJ=g-Mx@mail.gmail.com>
Date: Tue, 16 Nov 2010 21:58:44 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Kyle Moffett <kyle@...fetthome.net>
Cc: Marcus Meissner <meissner@...e.de>, linux-kernel@...r.kernel.org,
tj@...nel.org, akpm@...ux-foundation.org, hpa@...or.com,
mingo@...e.hu, w@....eu, alan@...rguk.ukuu.org.uk
Subject: Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking
On Tue, Nov 16, 2010 at 9:40 PM, Kyle Moffett <kyle@...fetthome.net> wrote:
>
> (1) For 99%+ of all the computers out there you can
I think that misses the point.
Security is never about absolutes. Anybody who believes in absolute
security is a moron.
True security is about "piling up the inconveniences on the attack".
Several layers. Sure, it's easy to attack a system that is a
monoculture. But immediately when you start saying "you can always
figure out the particular version" and you're talking about tens (or
hundreds) of versions, suddenly you really _are_ more secure. Because
suddenly it's one more pain.
And no, that "one more pain" is not going to be the thing that stops
attacks. But add a number of "one more pains" together, and it gets
increasingly unlikely that you will have a widespread and successful
attack.
So I do think that it's worth closing these "small" holes. Anything
that makes it more work to attack really _is_ improving things.
And being able to just immediately see the addresses is just very
convenient if you have an attack that needs kernel addresses. Much
better that we not make these things visible by default.
And yes, people can look at the vmlinux files. That's outside our
control. And maybe distros will want to close that hole, and maybe
they won't, but at least they don't have the excuse that "well, it's
not even worth it, because the kernel exports that information in
/proc/kallsyms already".
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists