Re: [PATCH] alloc_tag: Tighten file permissions on /proc/allocinfo

From: Kent Overstreet
Date: Thu Apr 25 2024 - 16:46:07 EST


On Thu, Apr 25, 2024 at 01:08:50PM -0700, Kees Cook wrote:
> The /proc/allocinfo file exposes a tremendous amount of information about
> kernel build details, memory allocations (obviously), and potentially
> even image layout (due to ordering). As this is intended to be consumed
> by system owners (like /proc/slabinfo), use the same file permissions as
> there: 0400.

Err...

The side effect of locking down more and more reporting interfaces is
that programs that consume those interfaces now have to run as root.

That's not what we want.