FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 01-11-2011, 10:54 PM
Kees Cook
 
Default UBUNTU: SAUCE: kernel: make /proc/kallsyms mode 400 to reduce ease of attacking

Making /proc/kallsyms readable only for root makes it harder
for attackers to write generic kernel exploits by removing
one source of knowledge where things are in the kernel.

This is the second submit, discussion happened on this on first submit
and mostly concerned that this is just one hole of the sieve ... but
one of the bigger ones.

Changing the permissions of at least System.map and vmlinux is
also required to fix the same set, but a packaging issue.

Target of this starter patch and follow ups is removing any kind of
kernel space address information leak from the kernel.

Ciao, Marcus

[not upstream because some old sysklog daemons have a bug with this]

OriginalAuthor: Marcus Meissner <meissner@suse.de>

Signed-off-by: Marcus Meissner <meissner@suse.de>
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Eugene Teo <eugeneteo@kernel.org>
Reviewed-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Kees Cook <kees.cook@canonical.com>
---
kernel/kallsyms.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index 6f6d091..a8db257 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -546,7 +546,7 @@ static const struct file_operations kallsyms_operations = {

static int __init kallsyms_init(void)
{
- proc_create("kallsyms", 0444, NULL, &kallsyms_operations);
+ proc_create("kallsyms", 0400, NULL, &kallsyms_operations);
return 0;
}
device_initcall(kallsyms_init);
--
1.7.2.3


--
Kees Cook
Ubuntu Security Team

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 01-12-2011, 07:55 PM
Tim Gardner
 
Default UBUNTU: SAUCE: kernel: make /proc/kallsyms mode 400 to reduce ease of attacking

On 01/11/2011 05:54 PM, Kees Cook wrote:

Making /proc/kallsyms readable only for root makes it harder
for attackers to write generic kernel exploits by removing
one source of knowledge where things are in the kernel.

This is the second submit, discussion happened on this on first submit
and mostly concerned that this is just one hole of the sieve ... but
one of the bigger ones.

Changing the permissions of at least System.map and vmlinux is
also required to fix the same set, but a packaging issue.

Target of this starter patch and follow ups is removing any kind of
kernel space address information leak from the kernel.

Ciao, Marcus

[not upstream because some old sysklog daemons have a bug with this]

OriginalAuthor: Marcus Meissner<meissner@suse.de>

Signed-off-by: Marcus Meissner<meissner@suse.de>
Acked-by: Tejun Heo<tj@kernel.org>
Acked-by: Eugene Teo<eugeneteo@kernel.org>
Reviewed-by: Jesper Juhl<jj@chaosbits.net>
Signed-off-by: Kees Cook<kees.cook@canonical.com>
---
kernel/kallsyms.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index 6f6d091..a8db257 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -546,7 +546,7 @@ static const struct file_operations kallsyms_operations = {

static int __init kallsyms_init(void)
{
- proc_create("kallsyms", 0444, NULL,&kallsyms_operations);
+ proc_create("kallsyms", 0400, NULL,&kallsyms_operations);
return 0;
}
device_initcall(kallsyms_init);


Applied to Natty. I assume this was not intended for Maverick ?

--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 01-12-2011, 08:08 PM
Kees Cook
 
Default UBUNTU: SAUCE: kernel: make /proc/kallsyms mode 400 to reduce ease of attacking

On Wed, Jan 12, 2011 at 02:55:38PM -0600, Tim Gardner wrote:
> Applied to Natty. I assume this was not intended for Maverick ?

Right, yeah. Thanks!

-Kees

--
Kees Cook
Ubuntu Security Team

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 01:21 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org