Re: procfs: boot- and runtime configurable access mode for/proc/<pid> dirs

From: Al Viro
Date: Thu Mar 24 2011 - 14:44:24 EST


On Thu, Mar 24, 2011 at 08:22:30PM +0200, Alexey Dobriyan wrote:
> On Thu, Mar 24, 2011 at 09:41:58AM +0100, Daniel Reichelt wrote:
> > > Keeping u/g/o inside kernel is horrible.
> >
> > Why exactly? Since it's only a char and not char[] I don't see the
> > disadvantage over int or a define or whatever. Of course I could always
> > change that if that's a de-facto standard I just didn't know about.
>
> Keep mode_t inside kernel, this will get rid of many ifdefs.
>
> > > What is the usecase? Content of /proc/* is identical.
> >
> > Use-case is to isolate process information from other users' or groups'
> > eyes, e.g. with 550 the output of ps aux only lists processes of the
> > groups your user is a member of.
>
> This is doable with some ps(1) switch, I'm sure.
>
> The content of /proc/$PID directory is not a secret.

More to the point, permissions in /proc/<pid>/* don't do us much good.
As the matter of fact, we ought to make them all flat - i.e. same for
user/group/other, since we have to recheck access rights on every damn
IO operations. Checks done at open() are useless here - have the
task exec suid-root binary and they are obsolete.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/