summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2010-11-19 11:54:40 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2010-11-19 11:54:40 -0800
commit33e0d57f5d2f079104611be9f3fccc27ef2c6b24 (patch)
tree8903edabbf327e9244f8751eff179f967344c27d
parent864ee6cb22fd64c1f4fba8ea3f390ffd8816b563 (diff)
Revert "kernel: make /proc/kallsyms mode 400 to reduce ease of attacking"
This reverts commit 59365d136d205cc20fe666ca7f89b1c5001b0d5a. It turns out that this can break certain existing user land setups. Quoth Sarah Sharp: "On Wednesday, I updated my branch to commit 460781b from linus' tree, and my box would not boot. klogd segfaulted, which stalled the whole system. At first I thought it actually hung the box, but it continued booting after 5 minutes, and I was able to log in. It dropped back to the text console instead of the graphical bootup display for that period of time. dmesg surprisingly still works. I've bisected the problem down to this commit (commit 59365d136d205cc20fe666ca7f89b1c5001b0d5a) The box is running klogd 1.5.5ubuntu3 (from Jaunty). Yes, I know that's old. I read the bit in the commit about changing the permissions of kallsyms after boot, but if I can't boot that doesn't help." So let's just keep the old default, and encourage distributions to do the "chmod -r /proc/kallsyms" in their bootup scripts. This is not worth a kernel option to change default behavior, since it's so easily done in user space. Reported-and-bisected-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Cc: Marcus Meissner <meissner@suse.de> Cc: Tejun Heo <tj@kernel.org> Cc: Eugene Teo <eugeneteo@kernel.org> Cc: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--kernel/kallsyms.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index a8db2570f99..6f6d091b575 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -546,7 +546,7 @@ static const struct file_operations kallsyms_operations = {
static int __init kallsyms_init(void)
{
- proc_create("kallsyms", 0400, NULL, &kallsyms_operations);
+ proc_create("kallsyms", 0444, NULL, &kallsyms_operations);
return 0;
}
device_initcall(kallsyms_init);