From: Albert Cahalan <albert@users.sf.net>
To: Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
Cc: linux-kernel mailing list <linux-kernel@vger.kernel.org>,
Bodo Eggert <7eggert@gmx.de>, Andrew Morton OSDL <akpm@osdl.org>,
viro@parcelfarce.linux.theplanet.co.uk, pj@engr.sgi.com
Subject: Re: [RFC][PATCH] Simple privacy enhancement for /proc/<pid>
Date: Tue, 12 Apr 2005 01:29:35 -0400 [thread overview]
Message-ID: <1113283776.2325.167.camel@cube> (raw)
In-Reply-To: <20050410153855.GA24905@lsrfire.ath.cx>
On Sun, 2005-04-10 at 17:38 +0200, Rene Scharfe wrote:
> Albert, allowing access based on tty sounds nice, but it _is_ expansive.
> More importantly, perhaps, it would "virtualize" /proc: every user would
> see different permissions for certain files in there. That's too comlex
> for my taste.
If you really can't allow access based on tty, then at least allow
access if any UID value matches any UID value. Without this, a user
can not always see a setuid program they are running.
> First, configuring via kernel parameters is sufficient. It simplifies
> implementation a lot because we know the settings cannot change. And we
> don't need the added flexibility of sysctls anyway -- I assume these
> parameters are set at installation time and never touched again.
This means mucking with boot parameters, which can be a pain.
The various boot loaders do not all use the same config file.
> Then I suppose we don't need to be able to fine-tune the permissions for
> each file in /proc/<pid>/. All that we need is a distinction between
> "normal" users (which are to be restricted) and admins (which need to
> see everything).
The /proc/*/maps file sure is different from the /proc/*/status file.
The same for all the others, really.
> This patch introduces two kernel parameters: proc.privacy and proc.gid.
> The group ID attribute of all files below /proc/<pid> is set to
> proc.gid, but only if you activate the feature by setting proc.privacy
> to a non-zero value.
This is very bad. Please do not change the GID as seen by
the stat() call. This value is used.
next prev parent reply other threads:[~2005-04-12 6:04 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-10 15:38 [RFC][PATCH] Simple privacy enhancement for /proc/<pid> Rene Scharfe
2005-04-10 18:07 ` Bodo Eggert
2005-04-11 21:19 ` Rene Scharfe
2005-04-12 5:29 ` Albert Cahalan [this message]
2005-04-12 21:16 ` Rene Scharfe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1113283776.2325.167.camel@cube \
--to=albert@users.sf.net \
--cc=7eggert@gmx.de \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pj@engr.sgi.com \
--cc=rene.scharfe@lsrfire.ath.cx \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox