From: Eugene Teo <eugene@redhat.com>
To: Cong Wang <amwang@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org, Neil Horman <nhorman@tuxdriver.com>,
WANG Cong <xiyou.wangcong@gmail.com>,
Frederic Weisbecker <fweisbec@gmail.com>,
Wu Fengguang <fengguang.wu@intel.com>,
Dan Carpenter <error27@gmail.com>, Tejun Heo <tj@kernel.org>,
Vivek Goyal <vgoyal@redhat.com>,
Arjan van de Ven <arjan@infradead.org>
Subject: Re: [RFC Patch] kcore: restrict access to the whole memory
Date: Thu, 23 Dec 2010 22:39:05 +0800 [thread overview]
Message-ID: <4D135F09.3080700@redhat.com> (raw)
In-Reply-To: <4D131DEA.4050206@redhat.com>
On 12/23/2010 06:01 PM, Cong Wang wrote:
> 于 2010年12月23日 07:02, Andrew Morton 写道:
>> On Wed, 22 Dec 2010 19:21:59 +0800
>> Amerigo Wang<amwang@redhat.com> wrote:
>>
>>> This patch restricts /proc/kcore from accessing the whole memory,
>>> instead, only an ELF header can be read.
>>>
>>> The initial patch was done by Vivek.
>>
>> Getting a bit tired of this.
>>
>> Are we supposed to be mind-readers? How else are we to work out why
>> you think Linux needs this feature? What problems it solves? What
>> applications are expected to break and what the breakage patterns are?
>> Why the benefits are worth the maintenance costs and the risk of
>> breakage? Why it's done with a config option and not a boot-time or
>> runtime tunable?
As opposed to /dev/{mem,kmem}, /proc/kcore is read-only. It is meant to
be a preventive measure to disallow privileged users from reading the
kcore file beyond the ELF headers as it can contain sensitive
information. This is based on a patch that we have been carrying in Red
Hat Enterprise Linux 5 for a few years. I believe other distributions
also have similar restrictions.
Thanks, Eugene
prev parent reply other threads:[~2010-12-23 14:39 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-22 11:21 [RFC Patch] kcore: restrict access to the whole memory Amerigo Wang
2010-12-22 23:02 ` Andrew Morton
2010-12-23 10:01 ` Cong Wang
2010-12-23 14:39 ` Eugene Teo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D135F09.3080700@redhat.com \
--to=eugene@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=amwang@redhat.com \
--cc=arjan@infradead.org \
--cc=error27@gmail.com \
--cc=fengguang.wu@intel.com \
--cc=fweisbec@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=tj@kernel.org \
--cc=vgoyal@redhat.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox