Re: [PATCH] alloc_tag: Tighten file permissions on /proc/allocinfo

From: Andrew Morton
Date: Thu Apr 25 2024 - 19:47:26 EST


On Thu, 25 Apr 2024 15:42:30 -0700 Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> > The concern about leaking image layout could be addressed by sorting the
> > output before returning to userspace.
>
> It's trivial to change permissions from the default 0400 at boot time.
> It can even have groups and ownership changed, etc. This is why we have
> per-mount-namespace /proc instances:
>
> # chgrp sysmonitor /proc/allocinfo
> # chmod 0440 /proc/allocinfo
>
> Poof, instant role-based access control. :)

Conversely, the paranoid could set it to 0400 at boot also.

> I'm just trying to make the _default_ safe.

Agree with this.

Semi-seriously, how about we set the permissions to 0000 and force
distributors/users to make a decision.
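The chgrp/chmod recipe quoted above, turned into a small boot-time helper that also verifies the result instead of trusting it. This is an added example, not code from the thread or from the kernel tree; it assumes GNU `stat` (for `-c`), a hypothetical group name such as `sysmonitor`, and root privileges when run against a real `/proc` file.

```shell
#!/bin/sh
# Added example, not from the thread: apply the chgrp/chmod recipe to a
# procfs file at boot and verify what the kernel reports afterwards.
# Assumes GNU stat and root for a real /proc file.
# Usage: restrict_procfile /proc/allocinfo sysmonitor 0440

# Convert an octal mode string ("0440", "440", "000") to decimal so that
# two spellings of the same mode compare equal.
mode_to_dec() {
    printf '%d' "0$1"
}

restrict_procfile() {
    path=$1
    group=$2
    mode=$3

    # Refuse modes that still grant anything to "other": removing
    # world-readability is the whole point of the exercise.
    want=$(mode_to_dec "$mode") || return 1
    if [ $((want & 7)) -ne 0 ]; then
        echo "restrict_procfile: $mode leaves world-accessible bits" >&2
        return 2
    fi

    if [ ! -e "$path" ]; then
        echo "restrict_procfile: $path does not exist" >&2
        return 1
    fi

    chgrp "$group" "$path" || return 1
    chmod "$mode" "$path" || return 1

    # Verify rather than trust: compare what the kernel now reports.
    actual=$(stat -c '%a' "$path") || return 1
    owner_group=$(stat -c '%G' "$path") || return 1
    if [ "$(mode_to_dec "$actual")" -ne "$want" ] || [ "$owner_group" != "$group" ]; then
        echo "restrict_procfile: $path is $owner_group/$actual, wanted $group/$mode" >&2
        return 1
    fi
    return 0
}
```

The helper acts on whichever `/proc` instance the path resolves to in the caller's mount namespace, so it needs to run in each namespace that has its own `/proc` mount if the restriction is meant to apply everywhere.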