Re: [PATCH] alloc_tag: Tighten file permissions on /proc/allocinfo
From: Andrew Morton
Date: Thu Apr 25 2024 - 19:47:26 EST

On Thu, 25 Apr 2024 15:42:30 -0700 Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> > The concern about leaking image layout could be addressed by sorting the
> > output before returning to userspace.
>
> It's trivial to change permissions from the default 0400 at boot time.
> It can even have groups and ownership changed, etc. This is why we have
> per-mount-namespace /proc instances:
>
> # chgrp sysmonitor /proc/allocinfo
> # chmod 0440 /proc/allocinfo
>
> Poof, instant role-based access control. :)

Conversely, the paranoid could set it to 0400 at boot also.

> I'm just trying to make the _default_ safe.

Agree with this.

Semi-seriously, how about we set the permissions to 0000 and force
distributors/users to make a decision.