Re: [PATCH v5 2/2] proc: restrict /proc/pid/mem
From: Kees Cook
Date: Wed Jun 12 2024 - 14:24:02 EST
On Wed, Jun 12, 2024 at 07:13:41PM +0100, Adrian Ratiu wrote:
> Would macros like the following be acceptable?
> I know it's more verbose but also much easier to understand and it works.
>
> #if IS_ENABLED(CONFIG_PROC_MEM_RESTRICT_OPEN_READ_ALL)
> DEFINE_STATIC_KEY_TRUE_RO(proc_mem_restrict_open_read_all);
> DEFINE_STATIC_KEY_FALSE_RO(proc_mem_restrict_open_read_ptracer);
> #elif IS_ENABLED(CONFIG_PROC_MEM_RESTRICT_OPEN_READ_PTRACE)
> DEFINE_STATIC_KEY_FALSE_RO(proc_mem_restrict_open_read_all);
> DEFINE_STATIC_KEY_TRUE_RO(proc_mem_restrict_open_read_ptracer);
> #else
> DEFINE_STATIC_KEY_FALSE_RO(proc_mem_restrict_open_read_all);
> DEFINE_STATIC_KEY_FALSE_RO(proc_mem_restrict_open_read_ptracer);
> #endif
Yeah, that'd be fine by me. I was a little concerned I was
over-generalizing those macros. :P
--
Kees Cook