Arch Linux

FS#21787 - [initscripts] remove read permissions from /proc/kallsyms

Attached to Project: Arch Linux
Opened by Corrado Primier (bardo) - Monday, 22 November 2010, 17:04 GMT
Last edited by Jan de Groot (JGC) - Monday, 04 April 2011, 16:51 GMT
Task Type: Feature Request
Category: Initscripts
Status: Closed
Assigned To: Tobias Powalowski (tpowa), Thomas Bächler (brain0), Tom Gundersen (tomegun)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

A commit in linux 2.6.37-rc3 encourages distributions to 'chmod -r /proc/kallsyms' in their init scripts to reduce ease of attacking.

Relevant commit: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=33e0d57f5d2f079104611be9f3fccc27ef2c6b24

Closed by Jan de Groot (JGC)
Monday, 04 April 2011, 16:51 GMT
Reason for closing: Won't implement
Additional comments about closing: See last comment.

Comment by Dave Reisner (falconindy) - Thursday, 03 March 2011, 00:27 GMT
Note the portion of the revert that says 'this can break certain userland setups'. There's an enormous thread [1] associated with this revert which points out a slippery slope of disabling access to /proc/modules, /proc/$PID/stack, /proc/mtrr, etc... What you'd end up with is an extremely locked down system not necessarily suitable for everyday desktop use, and you'd likely end up with even more broken userland apps.

This is the kind of thing that, imo, is more suited for a setup using grsecurity or selinux.

[1] https://lkml.org/lkml/2010/11/16/110
