Date: Fri, 26 Apr 2024 10:32:27 +0200
From: Pavel Machek
To: Suren Baghdasaryan
Cc: Kent Overstreet, Matthew Wilcox, Kees Cook, Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] alloc_tag: Tighten file permissions on /proc/allocinfo

Hi!

> > > > > The /proc/allocinfo file exposes a tremendous amount of information about
> > > > > kernel build details, memory allocations (obviously), and potentially
> > > > > even image layout (due to ordering). As this is intended to be consumed
> > > > > by system owners (like /proc/slabinfo), use the same file permissions as
> > > > > there: 0400.
> > > >
> > > > Err...
> > > >
> > > > The side effect of locking down more and more reporting interfaces is
> > > > that programs that consume those interfaces now have to run as root.
> > >
> > > sudo cat /proc/allocinfo | analyse-that-fie
> >
> > Even that is still an annoyance, but I'm thinking more about a future
> > daemon to collect this every n seconds - that really shouldn't need to
> > be root.
>
> Yeah, that would preclude some nice use cases. Could we maybe use
> CAP_SYS_ADMIN checks instead? That way we can still use it from a
> non-root process?

CAP_SYS_ADMIN is really not suitable, as it can do changes to the
system. On a working system, allocinfo is really not dangerous, it just
may make exploits harder. CAP_KERNEL_OBSERVER or something...

Pavel
-- 
People of Russia, stop Putin before his war on Ukraine escalates.