From: Kees Cook <keescook@chromium.org>
To: Topi Miettinen <toiwoton@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Luis Chamberlain <mcgrof@kernel.org>,
Alexey Dobriyan <adobriyan@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"open list:FILESYSTEMS (VFS and infrastructure)"
<linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH] Allow restricting permissions in /proc/sys
Date: Tue, 12 Nov 2019 15:19:00 -0800 [thread overview]
Message-ID: <201911121517.DC317D5D@keescook> (raw)
In-Reply-To: <1b0f94ef-ab1c-cb79-dd52-954cf0438af1@gmail.com>
On Tue, Nov 05, 2019 at 09:35:46AM +0200, Topi Miettinen wrote:
> On 5.11.2019 1.41, Eric W. Biederman wrote:
> > My sense is that if there is any kind of compelling reason to make
> > world-readable values not world-readable, and it doesn't break anything
> > (except malicious applications) than a kernel patch is probably the way
> > to go.
>
> With kernel patch, do you propose to change individual sysctls to not
> world-readable? That surely would help everybody instead of just those who
> care enough to change /proc/sys permissions. I guess it would also be more
> effort by an order of magnitude or two to convince each owner of a sysctl to
> accept the change.
I would think of this as a two-stage process: provide a mechanism to
tighten permissions arbitrarily so that it is easier to gather evidence
about which could have their default changed in the future.
> These code paths have not changed much or at all since the initial version
> in 2007, so I suppose the maintenance burden has not been overwhelming.
>
> By the way, /proc/sys still allows changing the {a,c,m}time. I think those
> are not backed anywhere, so they probably suffer from same caching problems
> as my first version of the patch.
Is a v2 of this patch needed? It wasn't clear to me if the inode modes
were incorrectly cached...?
--
Kees Cook
next prev parent reply other threads:[~2019-11-12 23:19 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-03 14:55 [PATCH] Allow restricting permissions in /proc/sys Topi Miettinen
2019-11-03 17:56 ` Theodore Y. Ts'o
2019-11-03 19:24 ` Topi Miettinen
2019-11-12 23:15 ` Kees Cook
2019-11-03 18:50 ` Eric W. Biederman
2019-11-03 19:38 ` Topi Miettinen
2019-11-04 15:44 ` Eric W. Biederman
2019-11-04 17:58 ` Topi Miettinen
2019-11-04 23:41 ` Eric W. Biederman
2019-11-05 7:35 ` Topi Miettinen
2019-11-12 23:19 ` Kees Cook [this message]
2019-11-13 1:04 ` Luis Chamberlain
2019-11-12 23:22 ` Christian Brauner
2019-11-13 4:50 ` Andy Lutomirski
2019-11-13 10:52 ` Topi Miettinen
2019-11-13 16:00 ` Jann Horn
2019-11-13 16:19 ` Topi Miettinen
2019-11-13 16:40 ` Jann Horn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201911121517.DC317D5D@keescook \
--to=keescook@chromium.org \
--cc=adobriyan@gmail.com \
--cc=ebiederm@xmission.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=toiwoton@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).