Date: Thu, 25 Apr 2024 14:38:42 -0700
From: Andrew Morton
To: Suren Baghdasaryan
Cc: Kent Overstreet, Matthew Wilcox, Kees Cook, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] alloc_tag: Tighten file permissions on /proc/allocinfo
Message-Id: <20240425143842.fe54147e4073c7d5e8b48d7b@linux-foundation.org>
References: <20240425200844.work.184-kees@kernel.org> <64cngpnwyav4odustofs6hgsh7htpc5nu23tx4lb3vxaltmqf2@sxn63f2gg4gu>

On Thu, 25 Apr 2024 14:21:39 -0700 Suren Baghdasaryan wrote:

> > > > The side effect of locking down more and more reporting interfaces is
> > > > that programs that consume those interfaces now have to run as root.
> > >
> > > sudo cat /proc/allocinfo | analyse-that-fie
> >
> > Even that is still an annoyance, but I'm thinking more about a future
> > daemon to collect this every n seconds - that really shouldn't need to
> > be root.
>
> Yeah, that would preclude some nice usecases. Could we maybe use
> CAP_SYS_ADMIN checks instead? That way we can still use it from a
> non-root process?

I'm inclined to keep Kees's 0400. Yes it's a hassle but security is
always a hassle. Let's not make Linux less secure, especially for
people who aren't even using /proc/allocinfo.

If someone really wants 0666 then they can chmod the thing from
initscripts, can't they?