> libkvm uses it to get the kernel symbol namelist instead of reading > /netbsd for it (originally kvmdb, which was retired when ksyms was > added). Programs like ps, netstat etc... uses it to find in-kernel > stuff, so you cannot change it to require root privs to be read.
But the symbol values are useless except for reading kernel memory (and kernel-side debugging, which latter I think we can assume can assume root access for). So I see no harm changing /dev/ksyms to be 440 root:kmem. (I don't _like_ it, and would configure my own systems otherwise, but that's for much the same reasons I dislike kaslr, which are fairly specific to my use aptterns.) > Maybe group kmem read, but that might require more elevated > privileges in the programs that uses ksyms. What program uses ksyms now that doesn't require at least group kmem? /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mo...@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B