[src/trunk]: src/etc Create /dev/ksyms as "440 $g_kmem". This prevents unpriv...

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/73356d9df58a
branches:  trunk
changeset: 324810:73356d9df58a
user:      maxv <maxv%NetBSD.org@localhost>
date:      Sat Jul 21 07:46:56 2018 +0000

description:
Create /dev/ksyms as "440 $g_kmem". This prevents unprivileged users from
reading the kernel symbols. Discussed in January 2018 on tech-kern@,
reported by maya@, tested by tih@.

diffstat:

 etc/MAKEDEV.tmpl |  4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diffs (19 lines):

diff -r 236c224e9c17 -r 73356d9df58a etc/MAKEDEV.tmpl
--- a/etc/MAKEDEV.tmpl  Sat Jul 21 06:30:27 2018 +0000
+++ b/etc/MAKEDEV.tmpl  Sat Jul 21 07:46:56 2018 +0000
@@ -1,5 +1,5 @@
 #!/bin/sh -
-#      $NetBSD: MAKEDEV.tmpl,v 1.190 2018/05/20 14:08:33 thorpej Exp $
+#      $NetBSD: MAKEDEV.tmpl,v 1.191 2018/07/21 07:46:56 maxv Exp $
 #
 # Copyright (c) 2003,2007,2008 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -940,7 +940,7 @@
        mkdev           full    c %mem_chr% 11  666
        mkdev           zero    c %mem_chr% 12  666
        mkdev           klog    c %log_chr% 0   600
-       mkdev           ksyms   c %ksyms_chr% 0 444
+       mkdev           ksyms   c %ksyms_chr% 0 440 $g_kmem
        mkdev           random  c %rnd_chr% 0   444
        mkdev           urandom c %rnd_chr% 1   644
        if ! $fdesc_mounted; then