FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 01-14-2011, 07:24 PM
Kees Cook
 
Default packaging: make System.map mode 0600

To complement the 0400 /proc/kallsyms patch, this makes the installed
System.map file mode 0600 so that security vulnerability exploitation
isn't as trivial. This, like kallsyms, does not stop a serious attacker,
since they can always just fetch the package and read the file.

I'm not aware of any non-root consumer of this file, so there should be
no impact. FWIW, my system boots fine with this change.

Signed-off-by: Kees Cook <kees.cook@canonical.com>
---
debian/rules.d/2-binary-arch.mk | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index 5627af5..c289d11 100644
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -67,7 +67,7 @@ endif
$(pkgdir)/boot/config-$(abi_release)-$*
install -m644 $(abidir)/$*
$(pkgdir)/boot/abi-$(abi_release)-$*
- install -m644 $(builddir)/build-$*/System.map
+ install -m600 $(builddir)/build-$*/System.map
$(pkgdir)/boot/System.map-$(abi_release)-$*
ifeq ($(no_dumpfile),)
makedumpfile -g $(pkgdir)/boot/vmcoreinfo-$(abi_release)-$*
--
1.7.2.3


--
Kees Cook
Ubuntu Security Team

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 06:58 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org