This patch changes the permissions of the procfs entries ioports and iomem to restrict non-root users from accessing them.
It's also available at http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_kernel_resource.c.patch. (last patch from the procfs privacy patch-set) The whole patch is available at: http://pearls.tuxedo-es.org/patches/security/proc-privacy-1.patch Cheers, -- Lorenzo Hernández García-Hierro <[EMAIL PROTECTED]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
diff -puN kernel/resource.c~proc-privacy-1 kernel/resource.c
--- linux-2.6.11/kernel/resource.c~proc-privacy-1 2005-04-17 18:06:56.221782784 +0200
+++ linux-2.6.11-lorenzo/kernel/resource.c 2005-04-17 18:07:55.685742888 +0200
@@ -136,10 +136,10 @@ static int __init ioresources_init(void)
{
struct proc_dir_entry *entry;
- entry = create_proc_entry("ioports", 0, NULL);
+ entry = create_proc_entry("ioports", S_IRUSR, NULL);
if (entry)
entry->proc_fops = &proc_ioports_operations;
- entry = create_proc_entry("iomem", 0, NULL);
+ entry = create_proc_entry("iomem", S_IRUSR, NULL);
if (entry)
entry->proc_fops = &proc_iomem_operations;
return 0;
signature.asc
Description: This is a digitally signed message part
