Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACLa4puR6W+15KxpZtzAt6c2fXUhM8gkLY9Zn5RNE8qbNpO_xQ@mail.gmail.com>
Date: Mon, 7 Nov 2011 14:48:15 -0500
From: Eric Paris <eparis@...isplace.org>
To: Vasiliy Kulikov <segoon@...nwall.com>
Cc: kernel-hardening@...ts.openwall.com, Valdis.Kletnieks@...edu, 
	linux-kernel@...r.kernel.org, Alexey Dobriyan <adobriyan@...il.com>, 
	Andrew Morton <akpm@...ux-foundation.org>, linux-security-module@...r.kernel.org, 
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: Re: [PATCH] proc: restrict access to /proc/interrupts

On Mon, Nov 7, 2011 at 2:29 PM, Vasiliy Kulikov <segoon@...nwall.com> wrote:
> On Mon, Nov 07, 2011 at 11:18 -0800, H. Peter Anvin wrote:

> As to procfs, I see no real need of adding mode/group mount option for
> global procfs files (/proc/interrupts, /proc/stat, etc.) - it can be
> done by distro specific init scripts (chown+chmod).  I don't mind
> against such an option for the convenience, though.

While possible, the chmod+chown 'solutions' just aren't as simple as
you pretend.  Every time one creates a chroot environment and mounts
/proc it has be manually fixed there as well.  Same thing with a
container.  Sure if /proc were something that was only ever mounted
one time on a box it wouldn't be so bad, but that's not the case.....

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.