Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking

From: Ingo Molnar
Date: Thu Nov 11 2010 - 02:06:10 EST

Next message: Dmitry Torokhov: "Re: [PATCH] Input: acecad - fix a memory leak in usb_acecad_probeerror path"
Previous message: Andrew Morton: "Re: [Call Trace: 2.6.37-rc1-git7 & 2.6.37-rc1-git8, Powerpc] LTPmsgctl11 test case"
In reply to: H. Peter Anvin: "Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking"
Next in thread: Jesper Juhl: "Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* H. Peter Anvin <hpa@xxxxxxxxx> wrote:

> Now, *relative* symbol addresses will typically not have any randomness at all,
> which may limit the usefulness, of course.

Yeah - but it happens quite often that the scope of the vulnerability only allows
absolute addresses. In fact it's a pretty common case: basically most derefs into
attacker-controlled data pointers are like that.

Thanks,

Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dmitry Torokhov: "Re: [PATCH] Input: acecad - fix a memory leak in usb_acecad_probeerror path"
Previous message: Andrew Morton: "Re: [Call Trace: 2.6.37-rc1-git7 & 2.6.37-rc1-git8, Powerpc] LTPmsgctl11 test case"
In reply to: H. Peter Anvin: "Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking"
Next in thread: Jesper Juhl: "Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease ofattacking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]