From: Greg KH <greg@kroah.com>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Vasiliy Kulikov <segoon@openwall.com>,
Eric Paris <eparis@parisplace.org>,
kernel-hardening@lists.openwall.com, Valdis.Kletnieks@vt.edu,
linux-kernel@vger.kernel.org,
Alexey Dobriyan <adobriyan@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
linux-security-module@vger.kernel.org
Subject: Re: [kernel-hardening] Re: [PATCH] proc: restrict access to /proc/interrupts
Date: Mon, 7 Nov 2011 15:27:50 -0800 [thread overview]
Message-ID: <20111107232750.GA4854@kroah.com> (raw)
In-Reply-To: <20111107232132.2c6880a5@lxorguk.ukuu.org.uk>
On Mon, Nov 07, 2011 at 11:21:32PM +0000, Alan Cox wrote:
> > It's better than nothing, but it really isn't wonderful - because it's
> > really not just about audio. And revoke doesn't work universally.
>
> BSD invented revoke but never implemented it universally. It turns out
> that this isn't a big problem. Right now we basically only have revoke
> for tty devices but we don't need it for that much more. Revoke on disk
> files and the like has simply never happened because its not a matter of
> revoke being universal so much as universal revoke being universally
> pointless.
I looked into implementing revoke() a while ago, and looked at how BSD
did it. They really only implemented it for a very narrow range of
devices (tty only I think), which is not what we really want.
I thought people wanted it for all char and block devices, if this isn't
so, then it might be easier to implement than I thought.
So, what do we really need revoke() for these days?
But that's getting away from the original topic here, sorry...
greg k-h
next prev parent reply other threads:[~2011-11-07 23:27 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-07 17:45 [PATCH] proc: restrict access to /proc/interrupts Vasiliy Kulikov
2011-11-07 18:06 ` Valdis.Kletnieks
2011-11-07 19:01 ` [kernel-hardening] " Vasiliy Kulikov
2011-11-07 19:01 ` Vasiliy Kulikov
2011-11-07 19:18 ` [kernel-hardening] " H. Peter Anvin
2011-11-07 19:18 ` H. Peter Anvin
2011-11-07 19:29 ` [kernel-hardening] " Vasiliy Kulikov
2011-11-07 19:48 ` Eric Paris
2011-11-07 19:50 ` H. Peter Anvin
2011-11-07 20:11 ` Vasiliy Kulikov
2011-11-07 20:47 ` H. Peter Anvin
2011-11-07 21:23 ` Linus Torvalds
2011-11-07 21:35 ` H. Peter Anvin
2011-11-07 23:07 ` Linus Torvalds
2011-11-07 23:21 ` Alan Cox
2011-11-07 23:27 ` Greg KH [this message]
2011-11-07 23:40 ` Theodore Tso
2011-11-07 23:45 ` Alan Cox
2011-11-07 23:45 ` Greg KH
2011-11-08 20:07 ` Ted Ts'o
2011-11-09 16:14 ` Greg KH
2011-11-08 9:11 ` Vasiliy Kulikov
2011-11-08 13:23 ` Alan Cox
2011-11-08 17:41 ` Vasiliy Kulikov
2011-11-08 17:06 ` John Stoffel
2011-11-07 19:54 ` Vasiliy Kulikov
2011-11-07 20:10 ` Valdis.Kletnieks
2011-11-07 20:10 ` Valdis.Kletnieks
2011-11-07 20:19 ` [kernel-hardening] " Vasiliy Kulikov
2011-11-07 20:19 ` Vasiliy Kulikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111107232750.GA4854@kroah.com \
--to=greg@kroah.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=eparis@parisplace.org \
--cc=hpa@zytor.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=segoon@openwall.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.