During the 2.6.37 merge window, a change was merged which made
unreadable by unprivileged users by default. That
change was subsequently reverted when it was found to break the bootstrap
process on an older Ubuntu release. A new form of the patch has returned
which fixes that problem - but it still may not be merged.
The new patch is quite simple: if the
process reading the file lacks the CAP_SYS_ADMIN capability,
/proc/kallsyms appears to be an empty file. It has been confirmed
that this version of the patch no longer breaks user space. But there were
complaints anyway: rather than restricting access to the file with the
usual access control bits, this patch encodes a policy
(CAP_SYS_ADMIN) into the kernel where it cannot be changed. That
rubs a number of people the wrong way, so this patch probably will not go
in either. Instead, concerned administrators (or distributors) will need
to simply change the permissions on the file at boot time.
to post comments)