Date: Sun, 2 Oct 2011 14:54:57 +0400
From: Vasiliy Kulikov
To: Guillaume Chazarain
Cc: Linus Torvalds, Linux Kernel Mailing List, Balbir Singh, kernel-hardening@lists.openwall.com
Subject: Re: taskstats root only breaking iotop
Message-ID: <20111002105457.GA5598@albatros>

(cc'ed kernel-hardening)

On Sun, Oct 02, 2011 at 12:22 +0200, Guillaume Chazarain wrote:
> On Sun, Oct 2, 2011 at 2:20 AM, Linus Torvalds wrote:
> > So I don't see why you ask for it. What could possibly be a valid use-case?
>
> Right, kbyte granularity is enough.

It is not enough. In some border cases an attacker may still learn
private information given the counters with _arbitrary_ granularity:

http://www.openwall.com/lists/oss-security/2011/06/29/9

> And that's consistent with
> /proc/vmstat, which nobody is complaining about.

Me, me, it was me!

Seriously, most of the procfs files were created with relaxed permissions in
the old days when nobody thought about such infoleaks. Now it is much harder
to close all of them without breaking existing users.

http://www.openwall.com/lists/kernel-hardening/2011/07/28/1
http://www.openwall.com/lists/kernel-hardening/2011/09/27/3
http://www.openwall.com/lists/kernel-hardening/2011/09/19/24
http://www.openwall.com/lists/kernel-hardening/2011/09/21/2

Thanks,

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments