Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.LRH.2.00.1106210918290.14297@tundra.namei.org>
Date: Tue, 21 Jun 2011 09:19:34 +1000 (EST)
From: James Morris <jmorris@...ei.org>
To: Vasiliy Kulikov <segoon@...nwall.com>
cc: kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        "Eric W. Biederman" <ebiederm@...ssion.com>
Subject: Re: [RFC 2/5 v4] procfs: add hidepid= and gid= mount options

On Mon, 20 Jun 2011, Vasiliy Kulikov wrote:

> > If they depend on specific permissions, yes.
> 
> Could you please then clarify why does this patch changes
> pid_revalidate() behaviour:
> 
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=99f895518368252ba862cc15ce4eb98ebbe1bec6
> 
> It changes files permissions to allow userspace apps to quickly stat
> files, not looking into /proc/PID/status.  So, uid and gid are explicit
> ABI.  Breaking procfs uid/gid attributes would break these apps.
> 

Right, but I'm saying that apps which depend on specific permissions are 
broken, which is not the uid / gid attributes.


-- 
James Morris
<jmorris@...ei.org>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.