Re: [RFC Patch] kcore: restrict access to the whole memory
From: Cong Wang
Date: Thu Dec 23 2010 - 05:03:37 EST
ä 2010å12æ23æ 07:02, Andrew Morton åé:
On Wed, 22 Dec 2010 19:21:59 +0800
Amerigo Wang<amwang@xxxxxxxxxx> wrote:
This patch restricts /proc/kcore from accessing the whole memory,
instead, only an ELF header can be read.
The initial patch was done by Vivek.
Getting a bit tired of this.
Are we supposed to be mind-readers? How else are we to work out why
you think Linux needs this feature? What problems it solves? What
applications are expected to break and what the breakage patterns are?
Why the benefits are worth the maintenance costs and the risk of
breakage? Why it's done with a config option and not a boot-time or
runtime tunable?
Oh, sorry, I forgot to mention this is for security reasons,
I am adding Eugene into Cc so that he can explain more about this.
Yeah, I thought about sysctl too, but it is really weird for me
to control /proc/kcore contents via an sysctl file, I think
an Kconfig is enough.
Thanks!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/