Re: [Security] [PATCH] kernel: make /proc/kallsyms mode 400 toreduce ease of attacking

[Ingo Molnar]

* Willy Tarreau <w@xxxxxx> wrote:

> > Not an 'arms race' thing where we just put obstruction in the road of attackers 
> > - but some real, unavoidable risk not detectable by attackers - running on most 
> > stock distro kernels. (so there would be a real economy of scale)
> > 
> > The kerneloops client could also collect exploit attempt stats.
> 
> Well, in my opinion, either the attacker is remote and you can already get many 
> info, or he's local and has time to precisely qualify the environment in order not 
> to leave the slightest trace. [...]

Your view of how attackers operate is rather simplistic. Knowing the precise 
environment (via remote or local measures) is a big tactical advantage to them.

See the very patch we are discussing. People are submitting patches to hide certain 
pieces of information exactly because that information is an advantage to attackers.

And my point is that "if you want to hide information do it effectively - or if it's 
too hard dont do it at all".

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/