Re: [PATCH 1/2] procfs: restore 0400 permissions on/proc/*/{syscall,stack,personality}
From: Al Viro
Date: Mon Aug 26 2013 - 13:21:06 EST
On Mon, Aug 26, 2013 at 09:49:48AM -0700, Eric W. Biederman wrote:
> How does changing the permissions to S_IRUSR prevent someone from
> opening the file before, and reading the file after a suid exec?
>
> > This patch restores the old mode which was 0400
>
> Which seems to add no security whatsoever and obscure the fact that
> anyone who cares can read the file so what is the point?
Two words: "security sclerosis". Both patches NAKed, of course.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/