Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to /proc/slabinfo

From: Valdis . Kletnieks
Date: Wed Sep 21 2011 - 22:23:13 EST

Next message: Stephen Rothwell: "Re: linux-next: no tree for Sept 6"
Previous message: Chen Gong: "Re: [PATCH] efi: Avoid sysfs spew on reboot and panic"
In reply to: Vasiliy Kulikov: "Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to/proc/slabinfo"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 21 Sep 2011 21:05:27 +0400, Vasiliy Kulikov said:
> Sorry, I've poorly worded my statement. Of course I mean root-only
> slabinfo, not totally disable it.

Oh, that I can live with.. ;)

> Linus, Alan, Kees, and Dave are about to simply restrict slabinfo (and
> probably similar interfaces) to root. Pekka is OK too.
>
> Christoph and Valdis are about to create new CONFIG_ option to be able
> to restrict the access to slabinfo/etc., but with old relaxed
> permissions.

I'm OK with a decision to just make the files mode 400 and be done with it,
since I can always stick a chmod in the startup scripts if it's *really* a problem.

Just that *if* we add a CONFIG_ option, it shouldn't be slabinfo-specific, but
should cover the *other* identified info-leakers in /proc and /sys as well.

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Stephen Rothwell: "Re: linux-next: no tree for Sept 6"
Previous message: Chen Gong: "Re: [PATCH] efi: Avoid sysfs spew on reboot and panic"
In reply to: Vasiliy Kulikov: "Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to/proc/slabinfo"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]