KALLSYMS_ALL=y in Ubuntu
Tim Gardner
tcanonical at tpi.com
Wed Nov 19 15:28:58 UTC 2008
Giannis Kozyrakis wrote:
> Hello,
>
> I don't know if it's the right place to ask here on this list, but it
> seems most appropriate.
>
> I am researching about exported symbols in major distribution,
> security-wise, and I've noticed something strange along my research.
>
> Ubuntu is the only major distribution that the KALLSYMS_ALL option is
> set in the kernel configuration. (At least the Desktop version that I've
> tested)
>
> In Redhat, CentOS, Fedora, and even Debian, this is not set.
> In vanilla kernels, it is in no way a default option.
>
> I was looking into the sys_call_table symbol when I noticed it.
>
> In Ubuntu you can acquire it's address doing a
> 'cat /proc/kallsyms | grep sys_call_table'.
> In all other distros this returns nothing, in ubuntu it returns the sumbol.
>
> My question is this:
>
> Does this config option really needs to be enabled by default?
> Is it used somewhere? Is there a reason for this?
>
>
> Regards,
>
> Giannis K.
You have not presented a case for why it _should_ be disabled. Perhaps
Kees has an opinion? This seems like a debug v.s. security issue.
rtg
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list