Re: [PATCH] [RFC] Make it easier to harden /proc/

[Miquel van Smoorenburg]

On 16-03-11 10:15 PM, Alexey Dobriyan wrote:
> On Wed, Mar 16, 2011 at 10:07:48PM +0100, Richard Weinberger wrote:
> > Am Mittwoch 16 März 2011, 22:04:52 schrieb Alexey Dobriyan:
> > > On Wed, Mar 16, 2011 at 09:52:49PM +0100, Richard Weinberger wrote:
> > > > Am Mittwoch 16 März 2011, 21:45:45 schrieb Arnd Bergmann:
> > > > > On Wednesday 16 March 2011 21:08:16 Richard Weinberger wrote:
> > > > > > Am Mittwoch 16 März 2011, 20:55:49 schrieb Kees Cook:
> > > > > I had expected that any dangerous sysctl would not be visible in
> > > > > an unpriviledge container anyway.
> > > >
> > > > No way.
> > >
> > > No way what exactly?
> >
> > Dangerous sysctls are not protected at all.
> > E.g. A jailed root can use /proc/sysrq-trigger.
>
> Yes, and it's suggested that you do not show it at all,
> instead of bloaing ctl_table.
>
> But this requires knowledge which /proc is root and which one is "root".
> :-(
>
> With current splitup into FOO_NS...

And what about sysfs, there's a lot of writable stuff there too. For 
example in /sys/module/*/parameters, /sys/block/*/device/queu , 
/sys/kernel/, /sys/platform/ etc. Perhaps things you don't want to be 
read too, such as some uevent files.

Shouldn't that be made inaccessible as well, preferably not visible?

Programs in containers may need sysfs for stuff like 
/sys/class/net/<device> , so just not mounting sysfs may not be an option.

Mike.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/