Re: [PATCH v2] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg
From: Kees Cook
Date: Wed Apr 24 2013 - 17:41:53 EST
On Wed, Apr 24, 2013 at 2:30 PM, Linus Torvalds
> On Wed, Apr 24, 2013 at 1:35 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>> That said, I much prefer doing the privilege test at read time since
>> that means passing a file descriptor to another process doesn't mean
>> the new process can just continue reading.
> That's exactly the wrong kind of thinking. If you had privileges to
> open something, and you pass it off, it's *your* choice.
Yes, this is what I was pointing out originally. The semantics of
/proc/kmsg do exactly that: check at open time, which is much cleaner.
Solving the permissions checking delta between the syslog via syscall
and syslog via /proc/kmsg was the original intent of the code so that
capabilities could be dropped after open. And when /dev/kmsg came
along, it didn't follow either convention. I just want to see the
Chrome OS Security
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/