Re: /dev/ksyms permissions

To: Mouse <mouse%Rodents-Montreal.ORG@localhost>, tech-kern%NetBSD.org@localhost
Subject: Re: /dev/ksyms permissions
From: Anders Magnusson <ragge%ludd.ltu.se@localhost>
Date: Wed, 17 Jan 2018 21:43:24 +0100

Den 2018-01-17 kl. 20:20, skrev Mouse:

Maybe group kmem read, but that might require more elevated
privileges in the programs that uses ksyms.

What program uses ksyms now that doesn't require at least group kmem?

You cannot give up kmem read privileges when calling ksyms read
routines.

I don't see why not - or, at least, I don't see the ksyms change as
being relevant.  Just read /dev/ksyms at startup (at the same time as
you open /dev/kmem, probably), before dropping group kmem.  Isn't that
all this change (making /dev/ksyms 440 root:kmem) requires?

You still have to call library functions with elevated privileges compared
with today.  May not be a big problem, but the code should be audited first
and this behaviour documented.

-- Ragge

Follow-Ups:
- Re: /dev/ksyms permissions
  - From: Maxime Villard

References:
- /dev/ksyms permissions
  - From: coypu
- Re: /dev/ksyms permissions
  - From: Anders Magnusson
- Re: /dev/ksyms permissions
  - From: Mouse
- Re: /dev/ksyms permissions
  - From: Anders Magnusson
- Re: /dev/ksyms permissions
  - From: Mouse

Prev by Date: Re: /dev/ksyms permissions
Next by Date: Re: amd64: kernel aslr support
Previous by Thread: Re: /dev/ksyms permissions
Next by Thread: Re: /dev/ksyms permissions
Indexes:

Home | Main Index | Thread Index | Old Index