Re: [Security] [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking

From: Ingo Molnar
Date: Sun Nov 07 2010 - 04:08:32 EST



* Ingo Molnar <mingo@xxxxxxx> wrote:

> If your claim that 'kernel version is needed at many places' is true then why am I
> seeing this on a pretty general distro box bootup:
>
> [root@aldebaran ~]# uname -a
> Linux aldebaran 2.6.99-tip-01574-g6ba54c9-dirty #1 SMP Sun Nov 7 10:24:38 CET 2010 x86_64 x86_64 x86_64 GNU/Linux
>
> ?
>
> Yes, some user-space might be unhappy if we set the version _back_ to say 2.4.0,
> but we could (as the patch below) fuzz up the version information from
> unprivileged attackers easily.

Btw., with an 'exploit honeypot' and 'version fuzzing' the uname output would look
like this to an unprivileged user:

$ uname -a
Linux aldebaran 2.6.99 x86_64 x86_64 x86_64 GNU/Linux

[ we wouldn't want to include the date or the SHA1 of the kernel, obviously. ]

And it would look like this to root:

# uname -a
Linux aldebaran 2.6.37-tip-01574-g6ba54c9-dirty #1 SMP Sun Nov 7 10:24:38 CET 2010 x86_64 x86_64 x86_64 GNU/Linux

Ingo