/boot/vmlinuz-* readable only by root, preventing userspace tools like libguestfs from using host kernel.
john.johansen at canonical.com
Thu May 22 09:18:08 UTC 2014
On 05/22/2014 01:24 AM, Robie Basak wrote:
> This will probably want the attention of the kernel team for a reply, so
> forwarding there. Is there maybe a security reason why it is arranged
> this way? I note that System.map is the same.
It was done deliberately to make it harder for an attacker to obtain
information about the kernel (addresses of kernel symbols). However the
actual value of doing this is nominal as an attacker can download the file
and hard code the addresses with in an exploit or have the exploit down
load the file it self, or use a service like ksymhunter.
More information about the kernel-team