Re: [PATCH] alloc_tag: Tighten file permissions on /proc/allocinfo
From: Kent Overstreet
Date: Thu Apr 25 2024 - 16:46:07 EST

On Thu, Apr 25, 2024 at 01:08:50PM -0700, Kees Cook wrote:
> The /proc/allocinfo file exposes a tremendous amount of information about
> kernel build details, memory allocations (obviously), and potentially
> even image layout (due to ordering). As this is intended to be consumed
> by system owners (like /proc/slabinfo), use the same file permissions as
> there: 0400.

Err...

The side effect of locking down more and more reporting interfaces is
that programs that consume those interfaces now have to run as root.
That's not what we want.