Making distribution files readable only by root is pointless

Posted Apr 5, 2013 10:03 UTC (Fri) by dsommers (subscriber, #55274)
In reply to: Making distribution files readable only by root is pointless by NAR
Parent article: KASLR: An Exercise in Cargo Cult Security (grsecurity blog)

> The user can install his/her own kernel, in that case it makes sense to make these files readable only for root.

In bigger data centres this will most likely be a no-go. The reason is that these environments heavily depend on automated update routines. If you need to recompile the kernel to ensure the address space is unpredictable, that will just add more maintenance complexity and also add another possible place where things can go wrong, which again will make most sys-admins ignore this threat.

In addition, with commercial Linux distros it might even make it more difficult to use their support services, as they most likely won't support "home brewed" software packages, even if it's based on their sources.


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds