Re: [PATCH] proc: advertise new restrictions on /proc/*/maps & /proc/*/smaps

From: Al Viro
Date: Thu Jan 03 2008 - 18:58:16 EST


On Fri, Jan 04, 2008 at 12:51:50AM +0100, Guillaume Chazarain wrote:
> Now that strangers are kept out of /proc/<pid>/maps, let's welcome them
> with -EPERM instead of a blank file.

NAK

The whole point is that we have to reject it at read() time, not open()
time. Checks in open() are
a) useless (since conditions can change later)
and
b) actually broken, since CAP_SYS_PTRACE != CAP_DAC_OVERRIDE
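Point (a) above, as an added user-space model that is not code from the patch or from the kernel: a permission answer cached at open() goes stale when the target changes afterwards, while a check repeated at read() does not. Every struct and function name is hypothetical, the access rule is a simplified stand-in, and the credential change after open is an assumed instance of "conditions can change later".

```c
/* Constructed user-space model, not kernel code; all names are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
struct task   { unsigned uid; bool dumpable; };        /* inspected process */
struct reader { unsigned uid; bool cap_sys_ptrace; };  /* process doing the read */
struct maps_file {
    const struct task *target; const struct reader *opener;
    bool allowed_at_open;                              /* decision cached by open */
};
struct outcome { long cached; long rechecked; };

/* Stand-in access decision, always evaluated against the current state. */
static bool may_inspect(const struct reader *r, const struct task *t)
{
    return r->cap_sys_ptrace || (r->uid == t->uid && t->dumpable);
}

/* open(): remember who opened what, plus the answer as of this moment. */
static struct maps_file maps_open(const struct reader *r, const struct task *t)
{
    return (struct maps_file){ t, r, may_inspect(r, t) };
}

/* Variant A: trust the answer computed at open(). */
static long read_open_checked(const struct maps_file *f, long len)
{
    return f->allowed_at_open ? len : -EPERM;
}

/* Variant B: decide again on every read(); a refused reader sees a blank file. */
static long read_read_checked(const struct maps_file *f, long len)
{
    return may_inspect(f->opener, f->target) ? len : 0;
}

/* Open while access is allowed, optionally change the target, then read. */
static struct outcome scenario(bool change_after_open)
{
    struct task t = { .uid = 1000, .dumpable = true };
    struct reader r = { .uid = 1000, .cap_sys_ptrace = false };
    struct maps_file f = maps_open(&r, &t);
    if (change_after_open) { t.uid = 0; t.dumpable = false; } /* assumed change */
    return (struct outcome){ read_open_checked(&f, 4096), read_read_checked(&f, 4096) };
}

int main(void)
{
    return printf("open: %ld, read: %ld\n", scenario(true).cached, scenario(true).rechecked) < 0;
}
```

In the changed-target case the open-checked variant still hands back 4096 bytes, while the read-checked variant returns 0, the blank file mentioned in the quoted text.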