Re: [RFC 0/5 v4] procfs: introduce hidepid=, hidenet=, gid= mount options

From: richard -rw- weinberger
Date: Sun Oct 30 2011 - 13:09:43 EST


On Thu, Jun 16, 2011 at 12:40 PM, Arnd Bergmann <arnd@xxxxxxxx> wrote:
> On Thursday 16 June 2011, Vasiliy Kulikov wrote:
>> > I have no opinion on whether it's a good idea to include the feature or not.
>>
>> Why not?  Have you some specific complains where it can be perhaps too
>> strong/insufficient/non-configurable?
>
> No, not at all. I just haven't had the need for this myself, and I'm not
> enough of a security person to judge whether the vulnerability addressed
> by the patch is a relevant one. E.g. if all the sensitive information
> you are hiding in procfs is still available through netlink, your patch
> is pointless. Similarly if there is no recorded case of an attack that
> relies on any of the information in procfs.
>

Is this interface somewhere documented?
IOW how is it possible to get all processes via netlink?

--
Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/