Re: [PATCH v2] remove no longer use of pdflush interface

[Andrew Morton]

On Wed, 6 Jun 2012 11:21:27 +0800 Wanpeng Li <liwp.linux@xxxxxxxxx> wrote:

> >Secondly, this code will permit unprivileged users to flood the logs,
> >by repeatedly reading /proc/sys/vm/nr_pdflush_threads.  We try to avoid
> >this, as it is a form of denial-of-service attack.
> >
> >This is a bit hard to fix.  The typical way of addressing this is to
> >use printk_once(), so the message only appears once per boot.  But that
> >doesn't work for a generic function - we'd need to add one bit of state
> >to the ctl_table to do this.  We can of course do that, but it's not
> >obvious that it's _worth_ doing that just for handling obsolete
> >entries.
> >
> >So perhaps the solution is to give up on the generic proc_obsolete()
> >idea, and just add a handler specifically for nr_pdflush_threads, whcih
> >uses printk_once().
> 
> What about modify the generic proc_obsolete just to put the warning message into
> the buffer, then transfer to userspace, in order to users can see this warning.Do
> you think this is a better idea?

err, no.  That's deliberately corrupting the output of an existing
interface.  In response to this change userspace might crash, hand over
root privileges or tune to a porn channel.  Instead we should yield
a well-formed response such as "0" (or maybe non-zero, if a zero
response might be unexpected) and inform the system operator via
conventional means.  ie: syslog.  
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/