Date: Tue, 28 May 1996 10:31:06 -0700 (PDT)
From: Jim Dennis <jimd@mistery.mcafee.com>
To: jrclark@felix.iupui.edu (John Clark)
Cc: questions@freebsd.org
Subject: Re: kernel file permissions
Message-ID: <199605281731.KAA18866@mistery.mcafee.com>
In-Reply-To: <2.2.32.19960528110438.0030d694@felix.iupui.edu> from "John Clark" at May 28, 96 10:59:46 am
>
> Hello,
>
> I was looking at the default kernel permissions... Is there any need to
> have them so open? Why should there be read and execute permissions for the
> "other" group? I suppose, you could reverse that question on me: "why not
> let everyone read and execute it?"
>
> Anyway, it seems to work great like this:
>
> -r-------- 1 root wheel 705521 May 21 12:33 kernel
> -r-------- 1 root wheel 1139171 May 18 12:15 kernel.gen
>
> Call me anal, but this seems much more desirable. If someone knows of a
> reason why the above permissions may be bad (ie. different run levels?),
> please let me know -- but it works just fine as far as I can tell.

Some debuggers and/or some diagnostics might need to read the kernel to look for some data structures. Linux has a /System.map for some reason.

However I run my Linux and FreeBSD systems with read-only kernels. I see no security benefit to non-readable kernel (particularly as the src tree usually must be at least "group" readable).

I also add 'chflags syschg' to that -- so it's harder for me to damage a kernel file (or any of my libs, or bins) even when I'm su'd to 'root'

Jim Dennis, System Administrator, McAfee Associates
