From d74f88f14ef8b613ad66a2436e99b09684fa821a Mon Sep 17 00:00:00 2001 From: markj Date: Fri, 28 Jul 2017 03:14:31 +0000 Subject: [PATCH] Restrict permissions on /dev/ksyms to 0400. The ksyms(4) device was added specifically for use by lockstat(1), which as a DTrace consumer must run as root. Discussed with: emaste MFC after: 3 days --- sys/dev/ksyms/ksyms.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/ksyms/ksyms.c b/sys/dev/ksyms/ksyms.c index 6172921008aa..11817f6be5f5 100644 --- a/sys/dev/ksyms/ksyms.c +++ b/sys/dev/ksyms/ksyms.c @@ -592,7 +592,7 @@ ksyms_modevent(module_t mod __unused, int type, void *data __unused) case MOD_LOAD: mtx_init(&ksyms_mtx, "KSyms mtx", NULL, MTX_DEF); ksyms_dev = make_dev(&ksyms_cdevsw, 0, UID_ROOT, GID_WHEEL, - 0444, KSYMS_DNAME); + 0400, KSYMS_DNAME); break; case MOD_UNLOAD: