[PATCH 5/7] procfs privacy: /proc/config.gz

From: Lorenzo Hernández García-Hierro
Date: Mon Apr 18 2005 - 14:02:57 EST


This patch changes the permissions of the procfs entry config.gz, thus,
non-root users are restricted from accessing it.

It's also available at:
http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_kernel_configs.c.patch

--
Lorenzo Hernández García-Hierro <lorenzo@xxxxxxx>
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
diff -puN kernel/configs.c~proc-privacy-1 kernel/configs.c
--- linux-2.6.11/kernel/configs.c~proc-privacy-1 2005-04-17 18:04:39.281600856 +0200
+++ linux-2.6.11-lorenzo/kernel/configs.c 2005-04-17 18:05:33.478361696 +0200
@@ -89,7 +89,7 @@ static int __init ikconfig_init(void)
struct proc_dir_entry *entry;

/* create the current config file */
- entry = create_proc_entry("config.gz", S_IFREG | S_IRUGO,
+ entry = create_proc_entry("config.gz", S_IFREG | S_IRUSR,
&proc_root);
if (!entry)
return -ENOMEM;

Attachment: signature.asc
Description: This is a digitally signed message part