Date: Sun, 3 Nov 2019 12:56:48 -0500
From: "Theodore Y. Ts'o"
To: Topi Miettinen
Cc: Luis Chamberlain, Kees Cook, Alexey Dobriyan, "linux-kernel@vger.kernel.org", "open list:FILESYSTEMS (VFS and infrastructure)"
Subject: Re: [PATCH] Allow restricting permissions in /proc/sys
Message-ID: <20191103175648.GA4603@mit.edu>
References: <74a91362-247c-c749-5200-7bdce704ed9e@gmail.com>
In-Reply-To: <74a91362-247c-c749-5200-7bdce704ed9e@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Nov 03, 2019 at 04:55:48PM +0200, Topi Miettinen wrote:
> Several items in /proc/sys need not be accessible to unprivileged
> tasks. Let the system administrator change the permissions, but only
> to more restrictive modes than what the sysctl tables allow.
>
> Signed-off-by: Topi Miettinen

Why should we restrict the system administrator from changing the
permissions to one which is more lax than what the sysctl tables allow?
The system administrator is already very much trusted. Why should we
take that discretion away from the system administrator?

- Ted