Comment 7 for bug 759725
Revision history for this message
| Richard W.M. Jones (rich-annexia) wrote Re: [Bug 759725] Re: The kernel is no longer readable by non-root users | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
On Tue, Apr 26, 2011 at 05:25:33PM -0000, Kees Cook wrote:
> On Tue, Apr 26, 2011 at 11:21:38AM -0000, Richard W.M. Jones wrote:
> > What is being protected by this mode change? This kernel is distributed
> > on hundreds of mirrors -- there is no secret in here.
>
> The mode changes do not protect a system from any dedicated attacker (for
> the reason you state), but it does have real-world benefits against
> simplistic kernel exploitation (keeping kernel symbols away from non-root
> users). It is absolutely a trade-off.
This non-root user that we imagine has no access to the world
wide web? This is absolutely nuts, sorry.
Rich.
--
Richard Jones
Red Hat