This patch changes the permissions of the procfs entries ioports and iomem to restrict non-root users from accessing them.
It's also available at http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_kernel_resource.c.patch. (last patch from the procfs privacy patch-set) The whole patch is available at: http://pearls.tuxedo-es.org/patches/security/proc-privacy-1.patch Cheers, -- Lorenzo Hernández García-Hierro <[EMAIL PROTECTED]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
diff -puN kernel/resource.c~proc-privacy-1 kernel/resource.c --- linux-2.6.11/kernel/resource.c~proc-privacy-1 2005-04-17 18:06:56.221782784 +0200 +++ linux-2.6.11-lorenzo/kernel/resource.c 2005-04-17 18:07:55.685742888 +0200 @@ -136,10 +136,10 @@ static int __init ioresources_init(void) { struct proc_dir_entry *entry; - entry = create_proc_entry("ioports", 0, NULL); + entry = create_proc_entry("ioports", S_IRUSR, NULL); if (entry) entry->proc_fops = &proc_ioports_operations; - entry = create_proc_entry("iomem", 0, NULL); + entry = create_proc_entry("iomem", S_IRUSR, NULL); if (entry) entry->proc_fops = &proc_iomem_operations; return 0;
signature.asc
Description: This is a digitally signed message part