Making distribution files readable only by root is pointless

Posted Mar 27, 2013 20:32 UTC (Wed) by NAR (subscriber, #1313)
In reply to: Making distribution files readable only by root is pointless by epa
Parent article: KASLR: An Exercise in Cargo Cult Security (grsecurity blog)

The user can install his/her own kernel; in that case it makes sense to make these files readable only for root. As the system should work in this case too, by setting the access mode of the default files to 600, the rest of the system is tested to ensure that nothing is broken if these files are only readable by the user. So while it might be pointless from a strict security point of view, it is useful from a software testing point of view.


Making distribution files readable only by root is pointless

Posted Apr 5, 2013 10:03 UTC (Fri) by dsommers (subscriber, #55274)

> The user can install his/her own kernel; in that case it makes sense to make these files readable only for root.

In bigger data centres this will most likely be a no-go. The reason is that these environments heavily depend on automated update routines. If you need to recompile the kernel to ensure the address space is unpredictable, that will just add more maintenance complexity and also add another possible place where things can go wrong, which again will make most sys-admins ignore this threat.

In addition, with commercial Linux distros it might even make it more difficult to use their support services, as they most likely won't support "home brewed" software packages, even if they're based on their sources.
