Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to /proc/slabinfo

From: Valdis . Kletnieks
Date: Mon Sep 19 2011 - 16:01:10 EST

Next message: Christoph Lameter: "Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to/proc/slabinfo"
Previous message: Andi Kleen: "Re: [PATCH 1/7] BTRFS: Fix lseek return value for error"
In reply to: Christoph Lameter: "Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to/proc/slabinfo"
Next in thread: Christoph Lameter: "Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to/proc/slabinfo"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 19 Sep 2011 12:51:10 CDT, Christoph Lameter said:

> IMHO a restriction of access to slab statistics is reasonable in a
> hardened environment. Make it dependent on CONFIG_SECURITY or some such
> thing?

Probably need to invent a separate Kconfig variable - CONFIG_SECURITY
is probably a way-too-big hammer for this nail. I can see lots of systems
that want to enable that, but won't want to tighten access to slab.

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Christoph Lameter: "Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to/proc/slabinfo"
Previous message: Andi Kleen: "Re: [PATCH 1/7] BTRFS: Fix lseek return value for error"
In reply to: Christoph Lameter: "Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to/proc/slabinfo"
Next in thread: Christoph Lameter: "Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to/proc/slabinfo"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]