| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Nov 2010 20:21:52 +0100 From: Pavel Machek <pavel@....cz> To: Marcus Meissner <meissner@...e.de> Cc: Peter Zijlstra <a.p.zijlstra@...llo.nl>, tglx@...utronix.de, mingo@...e.hu, akpm@...ux-foundation.org, rusty@...tcorp.com.au, torvalds@...ux-foundation.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] kernel/time: Make /proc/timer_list mode 0400 Hi! > > > /proc/timer_list contains kernel addresses, like e.g.: > > > #0: <c000000001404158>, tick_sched_timer, S:01, .tick_nohz_restart_sched_tick, swapper/0 > > > ... > > > > > > Avoid leaking them to user space to make writing kernel exploits a bit harder. > > > > > > (I currently cannot think of a userland tool that uses this, this is > > > likely pretty much root-only.) > > > > iirc powertop parses this.. > > powertop already says on startup: > > PowerTOP needs to be run as root to collect enough information > > And as developer tool it usually is for people having root access. .....and now you are actively decreasing security. Yes, developers usally have root access, but no, developers do not like to work as root. -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists