Re: [1/1][PATCH] nproc v2: netlink access to /proc information

From: Stephen Smalley
Date: Thu Sep 09 2004 - 07:01:20 EST

Next message: Benjamin Herrenschmidt: "Re: vDSO for ppc64 : Preliminary release #3"
Previous message: Benjamin Herrenschmidt: "Re: vDSO for ppc64 : Preliminary release #3"
In reply to: Roger Luethi: "Re: [1/1][PATCH] nproc v2: netlink access to /proc information"
Next in thread: William Lee Irwin III: "Re: [1/1][PATCH] nproc v2: netlink access to /proc information"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2004-09-08 at 14:41, Roger Luethi wrote:
> A few notes:
> - Access control can be implemented easily. Right now it would be bloat,
> though -- the vast majority of fields in /proc are world-readable
> (/proc/pid/environ being the notable exception).

They aren't world readable when using a security module like SELinux;
they are then typically only accessible by processes in the same
security domain, aside from processes in privileged domains.
security_task_to_inode() hook sets the security attributes on the
/proc/pid inodes based on their security context, and then
security_inode_permission() hook controls access to them. So you need
at least comparable controls.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Benjamin Herrenschmidt: "Re: vDSO for ppc64 : Preliminary release #3"
Previous message: Benjamin Herrenschmidt: "Re: vDSO for ppc64 : Preliminary release #3"
In reply to: Roger Luethi: "Re: [1/1][PATCH] nproc v2: netlink access to /proc information"
Next in thread: William Lee Irwin III: "Re: [1/1][PATCH] nproc v2: netlink access to /proc information"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]