> But I don't know if there is anything else than the profiling code > that _really_ wants access to /proc/kallsyms in user space as a > regular user.
Am unsure about this, but kprobes? (/jprobes/kretprobes), and by extension, wrappers over this infra (like SystemTap)? I (hazily) recollect a script I once wrote (years back though) that collects kernel virtual addresses off of kallsyms for the purpose of passing them to a 'helper' kernel module that uses kprobes. I realize that 'modern' kprobes exposes APIs that just require the symbolic name & that they're anyway at kernel privilege... but the point is, a usermode script was picking up and passing the kernel addresses. Also, what about kernel addresses exposed via System.map? Oh, just checked, it's root rw only.. pl ignore. > That said, that patch also fixes the /proc/kallsyms root check, in > that now you can do: > > sudo head < /proc/kallsyms > > and it still shows all zeroes - because the file was *opened* as a > normal user. That's how UNIX file access security works, and how it is > fundamentally supposed to work (ie passing a file descriptor to a sui > program doesn't magically make it gain privileges). Indeed.
