Re: [PATCH] mm: use %pK for /proc/vmallocinfo

From: David Rientjes
Date: Wed Oct 03 2012 - 14:07:47 EST


On Wed, 3 Oct 2012, Kees Cook wrote:

> > So root does echo 0 > /proc/sys/kernel/kptr_restrict first. Again: what
> > are you trying to protect?
>
> Only CAP_SYS_ADMIN can change the setting. This is, for example, for
> containers, or other situations where a uid 0 process lacking
> CAP_SYS_ADMIN cannot see virtual addresses. It's a very paranoid case,
> yes, but it's part of how this feature was designed. Think of it as
> supporting the recent uid 0 vs ring 0 boundary. :)
>

The intention of /proc/vmallocinfo being S_IRUSR is obviously to only
allow root to read this information to begin with, so if root lacks
CAP_SYS_ADMIN then it seems the best fix would be to return an empty file
on read()? Or give permission to everybody to read it but only return a
positive count when they have CAP_SYS_ADMIN?

There's no need to make this so convoluted that you need to have the right
combination of uid, kptr_restrict, CAP_SYS_ADMIN, and CAP_SYSLOG to get
anything valuable out of this file, though.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/