From: Valdis Klētnieks
To: jim.cromie@gmail.com
Cc: kernelnewbies
Subject: Re: sticky bits in /proc etc
Date: Wed, 10 Jun 2020 23:37:32 -0400
Message-ID: <25192.1591846652@turing-police>

On Wed, 10 Jun 2020 08:24:17 -0600, jim.cromie@gmail.com said:

> I'd like to ask about a possible new use for file and directory sticky bits,
> or setuid bits, to address the root-only use of /proc (etc) files

The sticky bit and setuid/gid bits already have meanings for directories, and
changing the semantics will break existing code.

> this needs root
>
> echo module kvm +p > /proc/dynamic_debug/control
>
> how about this ?
>
> cat root-owned-readonly-file > /proc/dynamic_debug/control

Nope, doesn't work that way, because the file in /proc has no way to tell that
it's cat doing it from a root-owned file, versus cat doing it from a
hacker-owned file. As far as the /proc file is concerned, the "echo" and "cat"
commands are identical.

If you have an actual need for non-root users to do this, there's always the
fact that 'sudo' can be restricted to specific commands for the user, and/or
the use of set-UID helper programs that validate the request and then issue it
on the user's behalf.
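The set-UID helper approach suggested in the reply above, as an added example (not code from the thread or from the kernel tree). The helper name ddhelper, the one-entry module allowlist and the restriction to +p/-p are assumptions standing in for a site's own policy.

```c
/* Added example: a set-UID helper that validates a dynamic_debug request
 * before writing it, instead of passing caller-supplied text to /proc. */
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>

#define CONTROL "/proc/dynamic_debug/control"

/* Assumed site policy: modules an unprivileged user may toggle. */
static const char *const allowed_modules[] = { "kvm", NULL };

/* Build "module <name> <+p|-p>\n" in out. Returns its length, or -1 if the
 * request is rejected. Exact-match comparison means no extra text (spaces,
 * ';', newlines, other flags) can ride along into the control file. */
int build_request(const char *module, const char *flag, char *out, size_t outlen)
{
    int ok = 0, n;

    if (!module || !flag)
        return -1;
    for (size_t i = 0; allowed_modules[i]; i++)
        if (strcmp(module, allowed_modules[i]) == 0)
            ok = 1;
    if (!ok)
        return -1;
    if (strcmp(flag, "+p") != 0 && strcmp(flag, "-p") != 0)
        return -1;
    n = snprintf(out, outlen, "module %s %s\n", module, flag);
    return (n > 0 && (size_t)n < outlen) ? n : -1;
}

int main(int argc, char **argv)
{
    char req[64];
    int fd, n;

    if (argc != 3 || (n = build_request(argv[1], argv[2], req, sizeof req)) < 0) {
        fprintf(stderr, "usage: ddhelper <allowed-module> <+p|-p>\n");
        return 2;
    }
    /* Only a validated request reaches the root-only file. */
    fd = open(CONTROL, O_WRONLY);
    if (fd < 0) { perror(CONTROL); return 1; }
    if (write(fd, req, (size_t)n) != n) { perror("write"); close(fd); return 1; }
    close(fd);
    return 0;
}
```

The helper takes the request as two arguments rather than reading a file, so the question of who owns the input never arises; only the allowlist compiled into the root-owned binary decides what gets written.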