Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261942AbVDKVTr (ORCPT ); Mon, 11 Apr 2005 17:19:47 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261938AbVDKVTr (ORCPT ); Mon, 11 Apr 2005 17:19:47 -0400 Received: from neapel230.server4you.de ([217.172.187.230]:20889 "EHLO neapel230.server4you.de") by vger.kernel.org with ESMTP id S261943AbVDKVT3 (ORCPT ); Mon, 11 Apr 2005 17:19:29 -0400 Message-ID: <425AE9DE.5080407@lsrfire.ath.cx> Date: Mon, 11 Apr 2005 23:19:26 +0200 From: Rene Scharfe User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: de-DE, de, en-us, en MIME-Version: 1.0 To: Bodo Eggert <7eggert@gmx.de> Cc: linux-kernel@vger.kernel.org, Albert Cahalan , akpm@osdl.org, viro@parcelfarce.linux.theplanet.co.uk, pj@engr.sgi.com Subject: Re: [RFC][PATCH] Simple privacy enhancement for /proc/ References: <20050410153855.GA24905@lsrfire.ath.cx> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2428 Lines: 78 Bodo Eggert schrieb: > On Sun, 10 Apr 2005, Rene Scharfe wrote: > > >>First, configuring via kernel parameters is sufficient. > > > I don't remember: Would a mount option be equally easy to implement? > (Kernel parameters are OK for me, too.) A mount option for procfs would be changable at remount, making implementation a bit more involved. >>I have another idea: let's keep the details of _every_ process owned by >>user root readable by anyone. > > > What about SUID processes acting on behalf of users? SUID root processes will we visible for all, too. That's fair enough, I think. If it's a concern to you use proc.privacy=2. >>- processor.max_cstate= [HW, ACPI] >>- Limit processor to maximum C-state >>- max_cstate=9 overrides any DMI blacklist limit. >>- > > > This seems to belong into another patch Strictly speaking, yes, but it's just a trivial cleanup near my own change. And I guarantee it has zero impact on any built kernel image. :] > (in pid_revalidate:) > What about moving the things around? (just editing in the MUA) > > >>+ if (IS_PID_DIR(proc_type(inode)) || task_dumpable(task)) { >> inode->i_uid = task->euid; >>+ inode->i_gid = proc_gid; >>+ if (!proc_privacy || IS_PID_DIR(proc_type(inode))) >> inode->i_gid = task->egid; >> } else { >> inode->i_uid = 0; >> inode->i_gid = 0; >> } >> security_task_to_inode(task, inode); >> return 1; >> } I suppose you could do that, but I don't see any gain. I also find my version easier to read because it keeps the two conditionals (having different intents and purposes) apart. > BTW: You might be able to cache IS_PID_DIR(). It looks like being a gain. I'd rather let the compiler do that job. It's only a small macro, I really doubt you would measure any speedup from putting it into a local variable. >>@@ -1454,6 +1468,11 @@ static struct dentry *proc_pident_lookup > > >>+ if (proc_privacy == 2 || task->euid != 0) > > ^^^^^ > redundand. You're right and it's a matter of taste, I guess. By the way, this is also what the FreeBSD crowd calls a "bikeshed". :-) Thanks for reviewing my patch! Rene - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/