On Fri, Nov 26, 2010 at 08:48:09AM +0100, Ingo Molnar wrote:
quoted text
> 
> * Linus Torvalds <torvalds@linux-foundation.org> wrote:
> 
> > On Fri, Nov 19, 2010 at 11:19 AM, Sarah Sharp
> > <sarah.a.sharp@linux.intel.com> wrote:
> > >
> > > .config and dmesg are attached.  The box is running klogd 1.5.5ubuntu3
> > > (from Jaunty).  Yes, I know that's old.  I read the bit in the commit
> > > about changing the permissions of kallsyms after boot, but if I can't
> > > boot that doesn't help.  Perhaps this can be made a configuration
> > > option?
> > 
> > It's not worth a config option.
> > 
> > If it actually breaks user-space, I think we should just revert it.
> 
> Sarah,
> 
> Does your system boot fine if we make /proc/kallsyms simply an empty file to 
> unprivileged users? Something like the (untested ...) patch below.

Yes, that works.  The system boots as normal. `cat /proc/kallsyms`
returns an empty file, and `sudo cat /proc/kallsyms` does not.

Sarah Sharp


quoted text
> diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
> index 6f6d091..d54c993 100644
> --- a/kernel/kallsyms.c
> +++ b/kernel/kallsyms.c
> @@ -465,7 +465,7 @@ static int s_show(struct seq_file *m, void *p)
>  	struct kallsym_iter *iter = m->private;
>  
>  	/* Some debugging symbols have no name.  Ignore them. */
> -	if (!iter->name[0])
> +	if (!iter->name[0] || !capable(CAP_SYS_ADMIN))
>  		return 0;
>  
>  	if (iter->module_name[0]) {
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/