Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261563AbVA2TY2 (ORCPT ); Sat, 29 Jan 2005 14:24:28 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261558AbVA2TTr (ORCPT ); Sat, 29 Jan 2005 14:19:47 -0500 Received: from neapel230.server4you.de ([217.172.187.230]:26029 "EHLO neapel230.server4you.de") by vger.kernel.org with ESMTP id S261556AbVA2TSu (ORCPT ); Sat, 29 Jan 2005 14:18:50 -0500 Message-ID: <41FBE18B.2010105@lsrfire.ath.cx> Date: Sat, 29 Jan 2005 20:18:35 +0100 From: Rene Scharfe User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Al Viro Cc: linux-kernel@vger.kernel.org Subject: Re: [PATCH] Restrict procfs permissions References: <20050129024542.GB12270@lsrfire.ath.cx> <20050129044109.GR8859@parcelfarce.linux.theplanet.co.uk> In-Reply-To: <20050129044109.GR8859@parcelfarce.linux.theplanet.co.uk> X-Enigmail-Version: 0.90.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1989 Lines: 49 Al Viro wrote: > On Sat, Jan 29, 2005 at 03:45:42AM +0100, Rene Scharfe wrote: > >> The patch is inspired by the /proc restriction parts of the >> GrSecurity patch. The main difference is the ability to configure >> the restrictions dynamically. You can change the umask setting by >> running >> >> # mount -o remount,umask=007 /proc >> >> Testing has been *very* light so far -- it compiles and boots. >> Patch is against 2.6.11-rc2-bk6. >> >> Comments are very welcome. > > > It leaves already existing inodes with whatever mode they used to > have. I said "configure the restrictions dynamically" but I meant "doesn't need a recompile to change settings". I expect the umask to be specified in /etc/fstab and rarely changed in a running system. With that in mind I think the patch is useful as-is, especially because it's so small. But I agree, that thing is a dirty hack. :] > _IF_ you want to do that sort of things, do it right - add > ->permission() that would apply that umask before checks and if you > want it to be seen in results of stat(2) - add ->gettattr() and do > the same there. Aww, that sounds expensive. My favourite solution would be to only allow the umask to be changed at mount time, not when remounting. Calling parse_options from proc_fill_super, only and not from proc_remount does not help very much because proc_fill_super is only called at boot (or proc module load time). Is there another way? While we are here: how would one change the uid or gid parameter? With a built-in proc fs the mount -a -t proc in the init scripts only results in a proc_remount call which (in mainline) doesn't bother looking at parameters at all. The same is true for a unmount, mount sequence. Thanks, Rene - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/