Re: [Security] [PATCH] kernel: make /proc/kallsyms mode 400 toreduce ease of attacking

From: Ingo Molnar
Date: Mon Nov 08 2010 - 01:30:11 EST



* Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:

> > This makes it _unsafe_ (for many types of attackers) to run an exploit locally.
>
> They don't care.

Sure, script kiddies and botnet builders wont care - i.e. attacks where the
individual target is low value, or where either the attacker or the attacked is
stupid.

But it's different when a skilled attacker meets a skilled defense: all the
exploits/attacks against high-value targets i've seen showed a great deal of care
taken to avoid detection.

Future trends are also clear: eventually, as more and more of our lives are lived on
the network, home boxes are becoming more and more valuable. So i think
concentrating on the psychology of the skilled attacker would not be unwise. YMMV.

Thanks,

Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/