Re: [PATCH 6/7] Add /sys/kernel/notes

From: Roland McGrath
Date: Wed Jul 11 2007 - 16:51:52 EST


[I'd meant to send that from roland@xxxxxxxxxx, so please correct any
followups.]

> Umm. You seem to make it readable by everybody. That's a mistake, I think.
> I don't know if there is anything security-conscious there, but just on
> general principles, I don't think we really would want normal users
> reading kernel configuration info, no?

What I expect to find in notes I'd call kernel version and identification
info, not configuration info. I don't think it's likely to be any more
revealing than "uname -v". The main use I have in mind is to check
exactly which kernel binary you have, though indeed that is only of any
use to someone who can do something with kernel addresses and such. It
is probably a lot less revealing on its own than /proc/config.gz or
/proc/kallsyms, which are world-readable.

It hadn't really occurred to me that the kernel binary would be
deliberately hidden from the user. If you are doing that, indeed
/sys/kernel/notes is of no use to the user and you probably want to hide
it too. Still, I think it is more useful that the default be to let an
unprivileged user see this as they can see /proc/kallsyms. Both are
useful for the same sorts of things, i.e. making sense of kernel
addresses from oops logs or whatnot. /sys/kernel/notes will be a part of
"eu-addr2line -k 0x12345" being reliable and automatic, for example (it
already works now with kernel-debuginfo installed, but this will help it
reliably figure out if you botched the install or something).


Thanks,
Roland
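
An added example, not part of the original message or the patch: a userspace reader for the use case described above, identifying exactly which kernel binary is running. It assumes /sys/kernel/notes holds standard ELF note records in native byte order and that one of them may be a GNU build-ID note (name "GNU", type 3); the function names and the sample data are constructed for illustration.

```python
import struct

NT_GNU_BUILD_ID = 3  # ELF note type for a GNU build ID (assumed to be present)

def _align4(n):
    # Note name and descriptor fields are padded to 4-byte boundaries.
    return (n + 3) & ~3

def parse_notes(blob):
    """Yield (name, type, desc) for each ELF note record in blob."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 12:
            raise ValueError("truncated note header at offset %d" % off)
        namesz, descsz, ntype = struct.unpack_from("=III", blob, off)
        off += 12
        desc_off = off + _align4(namesz)
        desc_end = desc_off + descsz
        if desc_end > len(blob):
            raise ValueError("note at offset %d overruns the buffer" % (off - 12))
        name = blob[off:off + namesz].rstrip(b"\0").decode("ascii", "replace")
        yield name, ntype, blob[desc_off:desc_end]
        off = desc_off + _align4(descsz)

def build_id(blob):
    """Return the GNU build ID as hex, or None if no such note exists."""
    for name, ntype, desc in parse_notes(blob):
        if name == "GNU" and ntype == NT_GNU_BUILD_ID:
            return desc.hex()
    return None

def make_note(name, ntype, desc):
    # Helper used only to construct sample data for this example.
    n = name.encode() + b"\0"
    return (struct.pack("=III", len(n), len(desc), ntype)
            + n.ljust(_align4(len(n)), b"\0")
            + desc.ljust(_align4(len(desc)), b"\0"))

# Constructed sample: one vendor note followed by a 20-byte build-ID note.
SAMPLE = (make_note("Vendor", 1, b"v1\0")
          + make_note("GNU", NT_GNU_BUILD_ID, bytes(range(20))))

if __name__ == "__main__":
    try:
        with open("/sys/kernel/notes", "rb") as f:
            data = f.read()
    except OSError:  # file absent or hidden from unprivileged users
        data = SAMPLE
    print(build_id(data))
```

Comparing the printed ID with the build ID recorded in an installed debuginfo package is the kind of check that confirms the symbols match the running kernel.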