Date: Mon, 18 Apr 2005 15:05:52 -0400
From: Dave Jones <davej@redhat.com>
To: Lorenzo =?iso-8859-1?Q?Hern=E1ndez_Garc=EDa-Hierro?= 
	<lorenzo@gnu.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 3/7] procfs privacy: misc. entries
Message-ID: <20050418190552.GA26322@redhat.com>
Mail-Followup-To: Dave Jones <davej@redhat.com>,
	Lorenzo =?iso-8859-1?Q?Hern=E1ndez_Garc=EDa-Hierro?= <lorenzo@gnu.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
References: <1113850012.17341.71.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1113850012.17341.71.camel@localhost.localdomain>
User-Agent: Mutt/1.4.1i
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 923
Lines: 27

On Mon, Apr 18, 2005 at 08:46:52PM +0200, Lorenzo Hern?ndez Garc?a-Hierro wrote:
 > This patch changes the permissions of the following procfs entries to
 > restrict non-root users from accessing them:
 > 
 >  - /proc/devices 
 >  - /proc/cmdline
 >  - /proc/version
 >  - /proc/uptime
 >  - /proc/cpuinfo

This is utterly absurd. You can find out anything thats in /proc/cpuinfo
by calling cpuid instructions yourself.
Please enlighten me as to what security gains we achieve
by not allowing users to see this ?

Restricting lots of the other files are equally absurd.

I'd also be very surprised if various random bits of userspace
broke subtley due to this nonsense.

		Dave

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/