Security Impact: /sys and /proc expose a great deal of hardware, kernel and debug information. This is especially problematic and has been the cause of many information leaks, such as kernel pointer leaks.
Security / Privacy Impact: Details about your hardware can aid attacks and can be used for identification.
Threat: On Debian (and probably most popular Linux distributions) this information is available to attackers with local code execution privileges. This includes malicious applications collecting such information and submitting it to data collectors, as well as both a compromised non-privileged user and a compromised privileged root user.
Non-Threat: This information does not randomly leak to third parties on clean (non-compromised) machines through the use of legitimate applications such as the APT package manager. Legitimate applications do not request the information from the kernel, let alone leak it to third parties over the internet.
Goal: By default, this information should be unavailable to non-privileged users and to untrusted root.
Solution: Therefore security-misc includes the hide-hardware-info.service systemd unit, which restricts access to /sys, /proc/cpuinfo, /proc/bus, and /proc/scsi to the root user only.
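The following audit script is an added example, not part of security-misc or of hide-hardware-info.service itself: it checks the four paths named above and reports any that a non-root user could still read or traverse. It assumes GNU stat (the -c '%a' format) and that the restriction is expressed through the paths' permission bits.

```shell
#!/bin/sh
# Added example (not security-misc code): audit whether the paths that
# hide-hardware-info.service is meant to hide are still accessible to
# group or other. Assumes GNU coreutils stat.
HIDDEN_PATHS="/sys /proc/cpuinfo /proc/bus /proc/scsi"

# Print the group and other digits of an octal mode string.
# stat prints modes without leading zeros ("555", or just "0" for 0000),
# so pad to at least three digits before taking the last two.
group_other_bits() {
    m=$1
    while [ ${#m} -lt 3 ]; do m=0$m; done
    printf '%s\n' "${m#"${m%??}"}"
}

# Succeed only when neither group nor other has any permission bit,
# i.e. the owner (root) is the only user who can read or traverse it.
mode_is_root_only() {
    [ "$(group_other_bits "$1")" = "00" ]
}

# Print one line per protected path; return the number of paths that
# are still exposed to non-root users (0 means everything is hidden).
audit_hidden_paths() {
    exposed=0
    for p in $HIDDEN_PATHS; do
        if [ ! -e "$p" ]; then
            printf '%-14s missing\n' "$p"
            continue
        fi
        mode=$(stat -c '%a' "$p")
        if mode_is_root_only "$mode"; then
            printf '%-14s %s hidden (root only)\n' "$p" "$mode"
        else
            printf '%-14s %s EXPOSED to non-root users\n' "$p" "$mode"
            exposed=$((exposed + 1))
        fi
    done
    return "$exposed"
}

if audit_hidden_paths; then
    echo "OK: all listed paths are restricted to root"
else
    echo "WARNING: some listed paths are readable by non-root users"
fi
```

Run it as an unprivileged user before and after enabling the service to confirm the unit had the intended effect on that host.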