Re: [kernel-hardening] Re: [PATCH] proc: restrict access to /proc/interrupts

From: H. Peter Anvin
Date: Mon Nov 07 2011 - 15:48:21 EST

Next message: Matthew Garrett: "Re: [PATCH v3] x86, efi: Calling __pa() with an ioremap'd addressis invalid"
Previous message: H. Peter Anvin: "Re: [PATCH v3] x86, efi: Calling __pa() with an ioremap'd addressis invalid"
In reply to: Vasiliy Kulikov: "Re: [kernel-hardening] Re: [PATCH] proc: restrict access to/proc/interrupts"
Next in thread: Linus Torvalds: "Re: [kernel-hardening] Re: [PATCH] proc: restrict access to /proc/interrupts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/07/2011 12:11 PM, Vasiliy Kulikov wrote:
>
> My statement was about static files - /proc/{interrupts,meminfo,stat,cpuinfo}.
> They don't change during the system life. /proc/$PID/* files are indeed
> dymanic and the first link in my quoted email was about addition of such
> mount options.
>

You didn't really get my point. There are global nodes which are
dynamic, and more importantly the *set* changes across the system life.
A global policy option is a lot easier to deal with for the vast
majority of users who don't need fine grain control.

-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Matthew Garrett: "Re: [PATCH v3] x86, efi: Calling __pa() with an ioremap'd addressis invalid"
Previous message: H. Peter Anvin: "Re: [PATCH v3] x86, efi: Calling __pa() with an ioremap'd addressis invalid"
In reply to: Vasiliy Kulikov: "Re: [kernel-hardening] Re: [PATCH] proc: restrict access to/proc/interrupts"
Next in thread: Linus Torvalds: "Re: [kernel-hardening] Re: [PATCH] proc: restrict access to /proc/interrupts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]