> in general, this does not need to be available What defines the need? I had a need for /proc/kcore yesterday and I had the need before.
> exposes memory that could contain very sensitive data Yes it does. But it's only exposed to the root user. And the root user can do anything to the system. Where's the added security in crippling /proc/kcore (and /dev/mem)? I'm not convinced disabling /proc/kcore adds security. It might make it a little harder for an attacker that got root rights to get to sensitive information but it won't prevent it in any case. On the other hand it disallows legitimate use of it and therefore cripples the system in an unnecessary way. I guess from now on I have to patch and recompile the kernel everytime Ubuntu releases a new image ;-( -- /proc/kcore not openable https://launchpad.net/bugs/55804 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs