Re: [PATCH 1/2] procfs: restore 0400 permissions on/proc/*/{syscall,stack,personality}

From: Al Viro
Date: Mon Aug 26 2013 - 13:21:06 EST

Next message: Michael S. Tsirkin: "[no subject]"
Previous message: Guenter Roeck: "Re: [PATCH] USB: OHCI: fix build error related to ohci_suspend/resume"
In reply to: Eric W. Biederman: "Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}"
Next in thread: Djalal Harouni: "Re: [PATCH 1/2] procfs: restore 0400 permissions on/proc/*/{syscall,stack,personality}"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 26, 2013 at 09:49:48AM -0700, Eric W. Biederman wrote:

> How does changing the permissions to S_IRUSR prevent someone from
> opening the file before, and reading the file after a suid exec?
>
> > This patch restores the old mode which was 0400
>
> Which seems to add no security whatsoever and obscure the fact that
> anyone who cares can read the file so what is the point?

Two words: "security sclerosis". Both patches NAKed, of course.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael S. Tsirkin: "[no subject]"
Previous message: Guenter Roeck: "Re: [PATCH] USB: OHCI: fix build error related to ohci_suspend/resume"
In reply to: Eric W. Biederman: "Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}"
Next in thread: Djalal Harouni: "Re: [PATCH 1/2] procfs: restore 0400 permissions on/proc/*/{syscall,stack,personality}"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]