From: Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-kernel mailing list <linux-kernel@vger.kernel.org>,
Andrew Morton OSDL <akpm@osdl.org>,
Albert Cahalan <albert@users.sourceforge.net>,
Wolfgang Draxinger <Wolfgang.Draxinger@campus.lmu.de>,
Bodo Eggert <7eggert@gmx.de>,
Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Subject: Re: [RFC][PATCH] procfs: add privacy options
Date: Tue, 25 Jul 2006 00:20:32 +0200 [thread overview]
Message-ID: <44C547B0.1090304@lsrfire.ath.cx> (raw)
In-Reply-To: <m18xmiogp3.fsf@ebiederm.dsl.xmission.com>
Eric W. Biederman schrieb:
> I don't really like filesystem magic options as kernel boot time options.
> Mount time or runtime options are probably more interesting.
>
> How is it expected that users will use this?
I don't expect admins to switch "privacy" on and off very often. Once
would be enough, I hope.
Mount options would be easier to use, I agree, but I doubt the added
complexity is worth it. Kernel options for procfs are not _that_
magical because the kernel mounts it internally, so it's a kernel part,
not a real filesystem ;-)
One question I couldn't find a good answer for regarding remount
options: what to do with processes that have cd'd into a /proc/<pid> dir
belonging to another user when the privacy option is being turned on?
Letting them keep their access is counter-intuitive and taking it away
would need quite invasive changes compared to my patch, I think.
> A lot of the privacy you are talking about is provided by the may_ptrace
> checks in the more sensitive parts of proc so we may want to extend
> that.
You mean using ptrace_may_attach() and/or MAY_PTRACE() for determining
access to all (or at least more) files in /proc/<pid> instead of my
proposed "chmod 500"? What are the advantages?
Thanks,
René
next prev parent reply other threads:[~2006-07-24 22:20 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-24 17:58 [RFC][PATCH] procfs: add privacy options Rene Scharfe
2006-07-24 21:07 ` Eric W. Biederman
2006-07-24 22:20 ` Rene Scharfe [this message]
2006-07-25 5:45 ` Arjan van de Ven
2006-07-27 14:27 ` Rene Scharfe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44C547B0.1090304@lsrfire.ath.cx \
--to=rene.scharfe@lsrfire.ath.cx \
--cc=7eggert@gmx.de \
--cc=Wolfgang.Draxinger@campus.lmu.de \
--cc=akpm@osdl.org \
--cc=albert@users.sourceforge.net \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox