dkms and corruption of kernel-devel package
John Reiser
jreiser at bitwagon.com
Fri Aug 24 15:34:25 UTC 2012
> the copy in /usr/src/kernels/ is
> world-readable and the one in /boot/ isn't, for example
>
> [root at compaq-pc ~]# ls -l /boot/System.map-3.5.2-3.fc17.x86_64 /usr/src/kernels/3.5.2-3.fc17.x86_64/System.map
> -rw-------. 1 root root 2468248 Aug 21 15:24 /boot/System.map-3.5.2-3.fc17.x86_64
> -rw-r--r--. 1 root root 2468248 Aug 21 15:25 /usr/src/kernels/3.5.2-3.fc17.x86_64/System.map
> [root at compaq-pc ~]#
/boot/System.map is always-present system-specific info which may be useful
to malware for an attack on the running system.
The version in /usr/src/kernels is not present on every machine,
and is more generic: at least a little bit less likely to be correct
for the currently-running kernel.
--
More information about the devel
mailing list