[ubuntu-hardened] procfs: change /proc/*/{pagemap, stack, syscall, personality} files mode to 0400.
Seth Arnold
seth.arnold at canonical.com
Tue Feb 3 02:51:48 UTC 2015
On Sun, Feb 01, 2015 at 01:07:56PM +0100, Daniel Curtis wrote:
> I would like to ask if I should make similar changes in Xubuntu
> 12.04 LTS with 3.2 Linux kernel? I think about using "chmod
> method" on these files, e.g.:
>
> # chmod 0400 /proc/*/pagemap
> # chmod 0400 /proc/*/{stack,syscall,personality}

The permissions on these files are fixed by the kernel; if you try to
change the permissions, you'll find that it won't work:

chmod: changing permissions of ‘/proc/self/pagemap’: Operation not permitted

If you want this feature, you'll need to either run a newer kernel, or
backport those commits to the kernel that you do want to run. Since it's
just changing some S_IRUGO to S_IRUSR in fs/proc/base.c, it's not a
difficult patch to make.

I don't think this specific change is worth the effort of compiling
a new kernel. You could run the Utopic kernel on Trusty (version
3.16.0-30.40~14.04.1) -- it would probably include the modified
permissions already.

For more information on running the Utopic kernel on Trusty, see
https://wiki.ubuntu.com/Kernel/LTSEnablementStack

Thanks
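
One way to check whether a running kernel already exposes the four files from this thread as owner-read-only, as an added example that is not part of the original message. The function name `audit_proc_modes` and its optional second argument (an alternative procfs root, so the check can run against a constructed directory) are assumptions of this example, and it relies on GNU `stat -c`.

```shell
#!/bin/sh
# Added example: report the mode of /proc/<pid>/{pagemap,stack,syscall,personality}.
# Nothing is changed; as the reply notes, chmod on these files is refused anyway.

# mode_of FILE: print the octal permission bits, or nothing if FILE is absent.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null
}

# audit_proc_modes [PID] [ROOT]
#   PID  defaults to "self"; ROOT defaults to /proc (ROOT is an assumption of
#   this example, used to point the check at a constructed tree).
# Returns 0 if every file found has no group/other bits (e.g. 0400),
#         1 if at least one is accessible to group or other (e.g. 0444),
#         2 if none of the files exist under ROOT/PID.
audit_proc_modes() {
    pid=${1:-self}
    root=${2:-/proc}
    rc=2
    for f in pagemap stack syscall personality; do
        path="$root/$pid/$f"
        mode=$(mode_of "$path")
        if [ -z "$mode" ]; then
            # Some of these files only exist with certain kernel options.
            echo "SKIP $path (not present)"
            continue
        fi
        [ "$rc" -eq 2 ] && rc=0
        # Leading 0 makes the shell read the mode as octal; 077 masks the
        # group and other permission bits.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "OPEN $path mode=$mode"
            rc=1
        else
            echo "OK   $path mode=$mode"
        fi
    done
    return "$rc"
}
```

Calling `audit_proc_modes` with no arguments checks `/proc/self` on the running kernel; an `OPEN` line means that file still carries the older world-readable mode.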