kernel-hardening - Re: [PATCH 2/2] mm: restrict access to /proc/meminfo

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <30918.1317257024@turing-police.cc.vt.edu>
Date: Wed, 28 Sep 2011 20:43:44 -0400
From: Valdis.Kletnieks@...edu
To: Dave Hansen <dave@...ux.vnet.ibm.com>
Cc: Christoph Lameter <cl@...two.org>, David Rientjes <rientjes@...gle.com>,
        Vasiliy Kulikov <segoon@...nwall.com>,
        kernel-hardening@...ts.openwall.com, Pekka Enberg <penberg@...nel.org>,
        Matt Mackall <mpm@...enic.com>,
        Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org,
        Kees Cook <kees@...ntu.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Alan Cox <alan@...ux.intel.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] mm: restrict access to /proc/meminfo

On Wed, 28 Sep 2011 13:31:45 PDT, Dave Hansen said:

> We could also just _effectively_ make it output in MB:
> 
> 	foo = foo & ~(1<<20)
> 
> or align-up.

I think we want align-up here, there's a bunch of fields that code probably
expects to be non-zero on a system that's finished booting...

> We could also give the imprecise numbers to unprivileged
> users and let privileged ones see the page-level ones.

That also sounds like a good idea.

Content of type "application/pgp-signature" skipped

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.