Is this something that we should let postinstall fix? Or what is the upgrade strategy for the users not reading source-changes?

Thomas

On Sat, Jul 21, 2018 at 07:46:57AM +0000, Maxime Villard wrote: > Module Name: src > Committed By: maxv > Date: Sat Jul 21 07:46:56 UTC 2018 > > Modified Files: > src/etc: MAKEDEV.tmpl > > Log Message: > Create /dev/ksyms as "440 $g_kmem". This prevents unprivileged users from > reading the kernel symbols. Discussed in January 2018 on tech-kern@, > reported by maya@, tested by tih@. > > > To generate a diff of this commit: > cvs rdiff -u -r1.190 -r1.191 src/etc/MAKEDEV.tmpl > > Please note that diffs are not public domain; they are subject to the > copyright notices on the relevant files. > > Modified files: > > Index: src/etc/MAKEDEV.tmpl > diff -u src/etc/MAKEDEV.tmpl:1.190 src/etc/MAKEDEV.tmpl:1.191 > --- src/etc/MAKEDEV.tmpl:1.190 Sun May 20 14:08:33 2018 > +++ src/etc/MAKEDEV.tmpl Sat Jul 21 07:46:56 2018 > @@ -1,5 +1,5 @@ > #!/bin/sh - > -# $NetBSD: MAKEDEV.tmpl,v 1.190 2018/05/20 14:08:33 thorpej Exp $ > +# $NetBSD: MAKEDEV.tmpl,v 1.191 2018/07/21 07:46:56 maxv Exp $ > # > # Copyright (c) 2003,2007,2008 The NetBSD Foundation, Inc. > # All rights reserved. > @@ -940,7 +940,7 @@ std) > mkdev full c %mem_chr% 11 666 > mkdev zero c %mem_chr% 12 666 > mkdev klog c %log_chr% 0 600 > - mkdev ksyms c %ksyms_chr% 0 444 > + mkdev ksyms c %ksyms_chr% 0 440 $g_kmem > mkdev random c %rnd_chr% 0 444 > mkdev urandom c %rnd_chr% 1 644 > if ! $fdesc_mounted; then >
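Review bot: In the `@@ -940,7 +940,7 @@ std)` hunk, the new line `mkdev ksyms c %ksyms_chr% 0 440 $g_kmem` only takes effect when MAKEDEV creates the node, so a system that is upgraded without re-running MAKEDEV keeps its existing /dev/ksyms at 444 and the kernel symbols stay readable by unprivileged users. Suggest pairing the change with an upgrade-time check that reports or corrects a /dev/ksyms whose mode or group differs from `440 $g_kmem`, or at minimum documenting that MAKEDEV has to be re-run. A one-line comment above the entry would also help, saying why ksyms is restricted to $g_kmem while its neighbours random and urandom stay world-readable, since any non-root program that opens /dev/ksyms now has to run with that group.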