[grsec] grsec for vmsplice-bug-fixed Linux 2.6?
Peter Kosinar
goober at ksp.sk
Thu Feb 14 16:17:55 EST 2008
Hiyas,
> Ah yes. Is having the System.map worldreadable a "security risc" in any
> way then?
Yes, it is. Generally, anything that provides the attacker with extra
information (s)he didn't possess before is a security risk. Naturally,
this doesn't mean that this file is the sole source of said information;
for example, the kernel image itself is just as good or even better.
> It still won't work:
>
> "grsec: ... denied write of /dev/kmem by /bin/dd"
Yup. Using grsecurity to prevent others from modifying your kernel on the
fly might... prevent you from doing the same. If you have modules support
enabled, you might have more luck by loading an LKM and hooking the
syscall.
Peter
--
[Name] Peter Kosinar [Quote] 2B | ~2B = exp(i*PI) [ICQ] 134813278
More information about the grsecurity
mailing list