Re: A Plumberâs Wish List for Linux

From: Kay Sievers
Date: Fri Oct 07 2011 - 06:29:08 EST

Next message: Russell King - ARM Linux: "Re: [PATCH v3 1/2] ARM: EXYNOS4: Change System MMU devicedefinition"
Previous message: Stephane Eranian: "Re: [PATCH 01/12] perf_events: add generic taken branch sampling support"
In reply to: Alan Cox: "Re: A Plumberâs Wish List for Linux"
Next in thread: Alan Cox: "Re: A Plumberâs Wish List for Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Oct 7, 2011 at 12:12, Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:
>> * (ioctl based?) interface to query and modify the label of a mounted
>> FAT volume:
>
> Seems sensible - or it could go in sysfs ?

That would mean to export superblocks in /sys, which isn't namespaced,
and which might create issues by making information globally available
which probably shouldn't?

>> A FAT labels is implemented as a hidden directory entry in the file
>> system which need to be renamed when changing the file system label,
>
> That would be ugly - it works for FAT as you can create an imaginary name
> which is not possible on the fs, but that isn't true for say ext4. Sysfs
> sounds the logic way, it means adding chunks of code to various file
> systems.

What do you mean would be ugly?

>> * expose CAP_LAST_CAP somehow in the running kernel at runtime:
>> Userspace needs to know the highest valid capability of the running
>> kernel, which right now cannot reliably be retrieved from header files
>> only. The fact that this value cannot be detected properly right now
>> creates various problems for libraries compiled on newer header files
>> which are run on older kernels. They assume capabilities are available
>> which actually arenât. Specifically, libcap-ng claims that all running
>> processes retain the higher capabilities in this case due to the
>> âinvertedâ semantics of CapBnd in /proc/$PID/status.
>
> You can probably deduce this by poking around but to me it seems like a
> very sensible idea.
>
>> * allow changing argv[] of a process without mucking with environ[]:
>> Something like setproctitle() or a prctl() would be ideal. Of course it
>> is questionable if services like sendmail make use of this, but otoh for
>> services which fork but do not immediately exec() another binary being
>> able to rename this child processes in ps is of importance.
>
> Yes, its a real valuable tool for r00tkits, worms and general purpose
> deception.

They can do that already today. The code to do that just looks really
ugly. So the r00tkits could have nicer looking code. :)

Thanks,
Kay
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Russell King - ARM Linux: "Re: [PATCH v3 1/2] ARM: EXYNOS4: Change System MMU devicedefinition"
Previous message: Stephane Eranian: "Re: [PATCH 01/12] perf_events: add generic taken branch sampling support"
In reply to: Alan Cox: "Re: A Plumberâs Wish List for Linux"
Next in thread: Alan Cox: "Re: A Plumberâs Wish List for Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]