Re: [kernel-hardening] procfs mount options

[Vasiliy Kulikov <segoon@openwall.com>]

[-- Attachment #1: Type: text/plain, Size: 1284 bytes --]

Solar,

On Sun, Jun 05, 2011 at 00:59 +0400, Solar Designer wrote:
> > > This is not generic, but at least it's simple, not
> > > confusing, and it allows for future changes (we may change what exactly
> > > restricted means).
> > 
> > Changing what some option means after implementing it is a ABI breakage,
> > which is terrible for upstream.
> 
> This depends on how the option is defined initially.  It is possible to
> define the option as "enabling unspecified version-dependent restrictions,
> which are subject to change across kernel versions and builds". ;-)  OK,
> the word "unspecified" may be dropped.

Everything that is implemented should behave the same way it was
initially implemented, regardless of what is explicitly marked as "ABI".
This is upsteam's way to define "ABI" term.  Often they deliberately
break such ABI, but normally this is not encouraged.

> Here's a related thought: if these mount options happen to affect all
> instances of the filesystem (in the same container), maybe they should
> be sysctl's instead?

AFAIR, only net namespaces have their own sysctl sets.  Other sysctls
are global.  So, implementing pid_namespace-specific sysctl would be a
bit weird (according to current policies).

Thanks,

-- 
Vasiliy

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]