2002-12-03 11:45:58

by Alex Riesen

Subject: world read permissions on /proc/irq/prof_cpu_mask and ...smp_affinity

Hello!

Is there any reason to set the permissions to 0600?
It makes the admin log in as root just to look at the
current system state.
Is there something against 0644?

-alex


2002-12-04 15:29:35

by Ingo Molnar

Subject: Re: world read permissions on /proc/irq/prof_cpu_mask and ...smp_affinity


On Tue, 3 Dec 2002, Alex Riesen wrote:

> Is there any reason to set the permissions to 0600?
> It makes the admin log in as root just to look at the
> current system state.
> Is there something against 0644?

i've got nothing against 0644, 0600 was just the default paranoid value.
(reading it could in theory mean an IO-APIC read.)

Ingo

2002-12-04 18:11:48

by Alex Riesen

Subject: Re: world read permissions on /proc/irq/prof_cpu_mask and ...smp_affinity

On Wed, Dec 04, 2002 at 10:37:01AM -0500, Ingo Molnar wrote:
> > Is there any reason to set the permissions to 0600?
> > It makes the admin log in as root just to look at the
> > current system state.
> > Is there something against 0644?
>
> i've got nothing against 0644, 0600 was just the default paranoid value.
> (reading it could in theory mean an IO-APIC read.)

There are some objections against it (in the vein of: most people who want to
read it are supposed to want to write into it).

But as for now it seems the only reason to have it readable
(and such things as /proc/ide/ideN/hdX/settings) is pure curiosity:
i don't really like to bother a usually overworked admin to look at the
prof_cpu_mask just to figure out why all interrupts are handled by CPU0.
And he is supposed to deny any of my attempts to get a root-SUID cat :)

-alex

2002-12-05 11:20:11

by Alex Riesen

Subject: Re: world read permissions on /proc/irq/prof_cpu_mask and ...smp_affinity

On Wed, Dec 04, 2002 at 10:37:01AM -0500, Ingo Molnar wrote:
> > Is there any reason to set the permissions to 0600?
> > It makes the admin log in as root just to look at the
> > current system state.
> > Is there something against 0644?
>
> i've got nothing against 0644, 0600 was just the default paranoid value.
> (reading it could in theory mean an IO-APIC read.)
>

Just found a patch from Olaf Dietsche (2.5.40: fix chmod/chown on procfs).
Quote:
This patch allows to change uid, gid and mode of files and directories
located in procfs.

The patch was accepted in 2.5.

This perfectly solves the problem, and in a very clean way, i think.

-alex