Re: [PATCH 5/7] procfs privacy: /proc/config.gz

2005-04-18 Thread Rik van Riel
On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:

> This patch changes the permissions of the procfs entry config.gz, thus, 
> non-root users are restricted from accessing it.

Why?

What is the security benefit of doing this?

-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan

[PATCH 5/7] procfs privacy: /proc/config.gz

2005-04-18 Thread Lorenzo Hernández García-Hierro
This patch changes the permissions of the procfs entry config.gz, thus,
non-root users are restricted from accessing it.

It's also available at:
http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_kernel_configs.c.patch

-- 
Lorenzo Hernández García-Hierro <[EMAIL PROTECTED]> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
diff -puN kernel/configs.c~proc-privacy-1 kernel/configs.c
--- linux-2.6.11/kernel/configs.c~proc-privacy-1	2005-04-17 18:04:39.281600856 +0200
+++ linux-2.6.11-lorenzo/kernel/configs.c	2005-04-17 18:05:33.478361696 +0200
@@ -89,7 +89,7 @@ static int __init ikconfig_init(void)
 	struct proc_dir_entry *entry;
 
 	/* create the current config file */
-	entry = create_proc_entry("config.gz", S_IFREG | S_IRUGO,
+	entry = create_proc_entry("config.gz", S_IFREG | S_IRUSR,
   &proc_root);
 	if (!entry)
 		return -ENOMEM;
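
Review bot: The mode change on the create_proc_entry("config.gz", ...) call in ikconfig_init() is unconditional, and the description does not say what a non-root reader gains from the file that the patch is meant to deny. Please state the threat model in the changelog (for example, which build options visible in config.gz are considered useful to a local attacker), since S_IRUSR only helps if the same configuration is not readable elsewhere on the system, such as a world-readable copy installed alongside the kernel image. Because this changes behaviour for every existing user of /proc/config.gz, consider making the restricted mode selectable (a Kconfig option or boot parameter) rather than hard-coding S_IFREG | S_IRUSR, and add a short comment at the call explaining why the entry is owner-only.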

