tech-kern archive


Re: /dev/ksyms permissions



> libkvm uses it to get the kernel symbol namelist instead of reading
> /netbsd for it (originally kvmdb, which was retired when ksyms was
> added).  Programs like ps, netstat etc... use it to find in-kernel
> stuff, so you cannot change it to require root privs to be read.

But the symbol values are useless except for reading kernel memory (and
kernel-side debugging, which latter I think we can assume
root access for).  So I see no harm changing /dev/ksyms to be 440
root:kmem.  (I don't _like_ it, and would configure my own systems
otherwise, but that's for much the same reasons I dislike kaslr, which
are fairly specific to my use patterns.)

> Maybe group kmem read, but that might require more elevated
> privileges in the programs that use ksyms.

What program uses ksyms now that doesn't require at least group kmem?

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

