Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking
[Posted November 24, 2010 by corbet]
From: Andy Walls <andy-AT-silverblocksystems.net>
To: linux-kernel-AT-vger.kernel.org
Subject: Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking
Date: Fri, 19 Nov 2010 16:12:34 -0500
Message-ID: <1290201154.2116.29.camel@morgan.silverblock.net>
Cc: sarah.a.sharp-AT-linux.intel.com, torvalds-AT-linux-foundation.org

> On Fri, Nov 19, 2010 at 11:19 AM, Sarah Sharp
> <sarah.a.sharp@linux.intel.com> wrote:
> >
> > .config and dmesg are attached. The box is running klogd 1.5.5ubuntu3
> > (from Jaunty). Yes, I know that's old. I read the bit in the commit
> > about changing the permissions of kallsyms after boot, but if I can't
> > boot that doesn't help. Perhaps this can be made a configuration
> > option?
>
> It's not worth a config option.
>
> If it actually breaks user-space, I think we should just revert it.

User space klogd is what's broken in this case:

        ksyms = fopen(KSYMS, "r");
        if ( ksyms == NULL )
        {
                if ( errno == ENOENT )
                        Syslog(LOG_INFO, "No module symbols loaded - "
                               "kernel modules not enabled.\n");
                else
                        Syslog(LOG_ERR, "Error loading kernel symbols " \
                               "- %s\n", strerror(errno));
                fclose(ksyms);
                return(0);
        }

The fclose(NULL) is a bug, as I don't think the standards require
that to be handled gracefully.

> It's kind of sad to default to the world-visible thing,

klogd also gets symbols from System.map, so /proc/kallsyms access
is not a strict requirement.

I haven't checked to see if klogd can work without a symbol source
at all, but I'll wager it can.

Regards,
Andy
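
An added example, not klogd's code and not part of the original message: one way to write the open path so that a failed fopen() is never handed to fclose(), and so that a denied /proc/kallsyms falls through to another source such as System.map. The function and enum names and the /boot/System.map location are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; not taken from klogd. */
enum sym_status { SYM_OK, SYM_ABSENT, SYM_DENIED, SYM_ERROR };

/* Open one symbol source. On failure, classify errno and return without
 * touching the NULL stream; the caller closes *out only on SYM_OK. */
static enum sym_status open_symbol_source(const char *path, FILE **out)
{
    *out = fopen(path, "r");
    if (*out != NULL)
        return SYM_OK;
    switch (errno) {
    case ENOENT: return SYM_ABSENT;  /* file not there at all */
    case EACCES: return SYM_DENIED;  /* e.g. mode 400 and a non-owner reader */
    default:     return SYM_ERROR;
    }
}

/* Try each candidate in order. Returns the index of the first readable
 * source, or -1 with *out == NULL when none can be opened. */
static int first_usable_source(const char *const *paths, size_t n, FILE **out)
{
    for (size_t i = 0; i < n; i++) {
        enum sym_status st = open_symbol_source(paths[i], out);
        if (st == SYM_OK)
            return (int)i;
        fprintf(stderr, "%s: %s, trying next source\n",
                paths[i], strerror(errno));
    }
    *out = NULL;
    return -1;
}

int main(void)
{
    /* The System.map location is an assumption for this example. */
    const char *const paths[] = { "/proc/kallsyms", "/boot/System.map" };
    FILE *f;
    int idx = first_usable_source(paths, 2, &f);
    printf("symbol source: %s\n", idx < 0 ? "none" : paths[idx]);
    if (f != NULL)
        fclose(f);
    return 0;
}
```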