Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1030910AbbDWUvW (ORCPT ); Thu, 23 Apr 2015 16:51:22 -0400 Received: from mail-ie0-f175.google.com ([209.85.223.175]:36590 "EHLO mail-ie0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754462AbbDWUvS (ORCPT ); Thu, 23 Apr 2015 16:51:18 -0400 MIME-Version: 1.0 In-Reply-To: <20150423185633.GA13242@kroah.com> References: <20150413190350.GA9485@kroah.com> <20150423130548.GA4253@kroah.com> <20150423163616.GA10874@kroah.com> <20150423171640.GA11227@kroah.com> <20150423185633.GA13242@kroah.com> Date: Thu, 23 Apr 2015 13:51:17 -0700 X-Google-Sender-Auth: b47uPrSmJfLqQBZuZXuRXYRaqno Message-ID: Subject: Re: [GIT PULL] kdbus for 4.1-rc1 From: Linus Torvalds To: Greg Kroah-Hartman Cc: Andy Lutomirski , Andrew Morton , Arnd Bergmann , "Eric W. Biederman" , One Thousand Gnomes , Tom Gundersen , Jiri Kosina , "linux-kernel@vger.kernel.org" , Daniel Mack , David Herrmann , Djalal Harouni Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1712 Lines: 42 On Thu, Apr 23, 2015 at 11:56 AM, Greg Kroah-Hartman wrote: > > Doing access control based on comm and cmdline is horrid, I totally > agree. But right now, any process in the system can read any other > process's comm and cmdline value out of /proc today. You have to work extra hard for it, and it's preventable anyway (ie selinux). In contrast, with the information in the kdbus message, it's almost certain that any random "enable debugging for dbus" patch will start logging it, because "it's just there". That's a big difference. Most bugs and security issues come because people make trivial make trivial mistakes, not because people explicitly go out of their way to make them. > Doesn't syslog uses it today all over the place for logging stuff that > happens in the system? Hell no. Sure, if an application explicitly says "log this message", then we save the application name. But not for random system interactions. The example Andy gave about doing things like name lookup is a good one. Doesn't systemd already do a dns cache module? Doing a name lookup is some *seriously* different thing than using "syslog()" to explicitly log messages. And if kdbus people can't see that difference, I don't see what we can discuss here. Do you really not see the privacy implications? It turns privacy violations from "you have to actually work at it" to "they happen pretty much by mistake". Linus -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/