Re: [PATCH] proc: advertise new restrictions on /proc/*/maps & /proc/*/smaps
From: Al Viro
Date:  Thu Jan 03 2008 - 18:58:16 EST
On Fri, Jan 04, 2008 at 12:51:50AM +0100, Guillaume Chazarain wrote:
> Now that strangers are kept out of /proc/<pid>/maps, let's welcome them
> with -EPERM instead of a blank file.
NAK
The whole point is that we have to reject it at read() time, not open()
time.  Checks in open() are
	a) useless (since conditions can change later)
and
	b) actually broken, since CAP_SYS_PTRACE != CAP_DAC_OVERRIDE
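Point (a) above, shown as a user-space analogy. This is an added example, not code from this thread or from the kernel: it uses ordinary file mode bits as the condition that changes, and `make_file`, `checked_read` and `read_after_revoke` are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample content standing in for a sensitive file. */
static const char SAMPLE[] = "00400000-0040b000 r-xp (constructed)\n";

/* Create a private temp file (mkstemp uses mode 0600) holding SAMPLE. */
static int make_file(void)
{
    char path[] = "/tmp/open_vs_read_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path); /* the descriptor stays valid; nothing is left on disk */
    if (write(fd, SAMPLE, sizeof(SAMPLE) - 1) != (ssize_t)(sizeof(SAMPLE) - 1) ||
        lseek(fd, 0, SEEK_SET) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Hypothetical read-time gate: re-evaluate the condition on every read. */
static ssize_t checked_read(int fd, char *buf, size_t len)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return -errno;
    if (!(st.st_mode & S_IRUSR))
        return -EPERM; /* permission was revoked after open() */
    return read(fd, buf, len);
}

/* Open while allowed, revoke, then read. recheck=0 models an open()-only check. */
ssize_t read_after_revoke(int recheck)
{
    char buf[128];
    int fd = make_file();
    if (fd < 0)
        return -1;
    fchmod(fd, 0); /* the condition changes after open() succeeded */
    ssize_t n = recheck ? checked_read(fd, buf, sizeof(buf))
                        : read(fd, buf, sizeof(buf));
    close(fd);
    return n;
}

int main(void)
{
    printf("open-time check only: %zd\n", read_after_revoke(0));
    printf("read-time check:      %zd\n", read_after_revoke(1));
    return 0;
}
```
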