From: Herbert Poetzl <herbert@13thfloor.at>
To: Andrew Morton <akpm@osdl.org>
Cc: Rene Scharfe <rene.scharfe@lsrfire.ath.cx>,
linux-kernel@vger.kernel.org,
viro@parcelfarce.linux.theplanet.co.uk
Subject: Re: [PATCH] add umask parameter to procfs
Date: Fri, 18 Feb 2005 02:50:17 +0100 [thread overview]
Message-ID: <20050218015017.GA5044@mail.13thfloor.at> (raw)
In-Reply-To: <20050217154119.1f237921.akpm@osdl.org>
On Thu, Feb 17, 2005 at 03:41:19PM -0800, Andrew Morton wrote:
> Rene Scharfe <rene.scharfe@lsrfire.ath.cx> wrote:
> >
> > Add proc.umask kernel parameter. It can be used to restrict permissions
> > on the numerical directories in the root of a proc filesystem, i.e. the
> > directories containing process specific information.
> >
> > E.g. add proc.umask=077 to your kernel command line and all users except
> > root can only see their own process details (like command line
> > parameters) with ps or top. It can be useful to add a bit of privacy to
> > multi-user servers.
> >
> > The patch has been inspired by a similar feature in GrSecurity.
> >
> > It could have also been implemented as a mount option to procfs, but at
> > a higher cost and no apparent benefit -- changes to this umask are not
> > supposed to happen very often. Actually, the previous incarnation of
> > this patch was implemented as a half-assed mount option, but I didn't
> > know then how easy it is to add a kernel parameter.
>
> The feature seems fairly obscure, although very simple.
> Is anyone actually likely to use this?
what about parents (and especially the init process)
some tools like pstree (or ps in certain cases) depend
on their visibility/accessability ...
was this tested except for the trivial case where
just plain everything is visible?
what if you want to change it afterwards (when tools
did break)?
best,
Herbert
> > +static umode_t umask = 0;
>
> a) I think the above should be called proc_umask.
>
> b) You shouldn't initialise it.
>
> c) When adding a kernel parameter you should update
> Documentation/kernel-parameters.txt
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2005-02-18 1:50 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-17 21:28 [PATCH] add umask parameter to procfs Rene Scharfe
2005-02-17 23:41 ` Andrew Morton
2005-02-18 1:50 ` Herbert Poetzl [this message]
2005-02-18 23:44 ` Debian User
[not found] <fa.h7bdq0l.im6ej1@ifi.uio.no>
[not found] ` <fa.fep4kfp.gmci2d@ifi.uio.no>
2005-02-18 3:22 ` Bodo Eggert
2005-02-18 3:56 ` Herbert Poetzl
2005-02-19 0:29 ` Rene Scharfe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050218015017.GA5044@mail.13thfloor.at \
--to=herbert@13thfloor.at \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rene.scharfe@lsrfire.ath.cx \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox