Date: Fri, 26 Apr 2024 04:46:43 -0400
From: Kent Overstreet
To: Pavel Machek
Cc: Suren Baghdasaryan, Matthew Wilcox, Kees Cook, Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] alloc_tag: Tighten file permissions on /proc/allocinfo

On Fri, Apr 26, 2024 at 10:32:27AM +0200, Pavel Machek wrote:
> Hi!
>
> > > > > > The /proc/allocinfo file exposes a tremendous amount of information about
> > > > > > kernel build details, memory allocations (obviously), and potentially
> > > > > > even image layout (due to ordering). As this is intended to be consumed
> > > > > > by system owners (like /proc/slabinfo), use the same file permissions as
> > > > > > there: 0400.
> > > > >
> > > > > Err...
> > > > >
> > > > > The side effect of locking down more and more reporting interfaces is
> > > > > that programs that consume those interfaces now have to run as root.
> > > >
> > > > sudo cat /proc/allocinfo | analyse-that-fie
> > >
> > > Even that is still an annoyance, but I'm thinking more about a future
> > > daemon to collect this every n seconds - that really shouldn't need to
> > > be root.
> >
> > Yeah, that would preclude some nice usecases. Could we maybe use
> > CAP_SYS_ADMIN checks instead? That way we can still use it from a
> > non-root process?
>
> CAP_SYS_ADMIN is really not suitable, as it can do changes to the
> system. On a working system, allocinfo is really not dangerous, it just
> may make exploits harder. CAP_KERNEL_OBSERVER or something...

There's _really_ no reason to use capabilities at all for something that
has file ownership - just use a group.
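
The trade-off discussed in this thread, as an added example that is not part of the original message or of the kernel's code: a simplified C model of the owner/group/other read check, ignoring capabilities, ACLs and LSM hooks. The 0440 mode, uid 1000 and gid 990 are constructed values; the thread itself only gives 0400 and "a group".

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if a process with (euid, groups[0..n)) may read a file on its
 * mode bits alone. Exactly one class applies: owner, else group, else other.
 * Simplification: the kernel checks fsuid/fsgid; euid stands in for it here. */
int dac_may_read(mode_t mode, uid_t f_uid, gid_t f_gid,
                 uid_t euid, const gid_t *groups, int n)
{
    if (euid == f_uid)
        return (mode & S_IRUSR) != 0;
    for (int i = 0; i < n; i++)
        if (groups[i] == f_gid)
            return (mode & S_IRGRP) != 0;
    return (mode & S_IROTH) != 0;
}

/* Apply the model to a real file with this process's credentials.
 * Returns 1 or 0, or -1 if stat() or getgroups() fails. */
int current_process_may_read(const char *path)
{
    struct stat st;
    gid_t groups[257];
    if (stat(path, &st) != 0)
        return -1;
    int n = getgroups(256, groups);
    if (n < 0)
        return -1;
    groups[n++] = getegid();    /* the effective gid counts as well */
    return dac_may_read(st.st_mode, st.st_uid, st.st_gid,
                        geteuid(), groups, n);
}

int main(void)
{
    /* Constructed credentials: uid 1000, with hypothetical gid 990 as the
     * group that would own the file. */
    const gid_t collector[] = { 1000, 990 };
    /* 0400 root:root, as in the patch: the unprivileged daemon is locked out. */
    printf("0400 root:root -> %d\n", dac_may_read(0400, 0, 0, 1000, collector, 2));
    /* 0440 root:990: the same daemon can read without any capability. */
    printf("0440 root:990  -> %d\n", dac_may_read(0440, 0, 990, 1000, collector, 2));
    printf("/proc/allocinfo, this process -> %d\n",
           current_process_may_read("/proc/allocinfo"));
    return 0;
}
```
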