From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from psmtp.com (na3sys010amx111.postini.com [74.125.245.111]) by kanga.kvack.org (Postfix) with SMTP id 003FD6B005A for ; Wed, 3 Oct 2012 14:02:10 -0400 (EDT) Received: by pbbrq2 with SMTP id rq2so11578537pbb.14 for ; Wed, 03 Oct 2012 11:02:10 -0700 (PDT) Date: Wed, 3 Oct 2012 11:02:07 -0700 (PDT) From: David Rientjes Subject: Re: [PATCH] mm: use %pK for /proc/vmallocinfo In-Reply-To: Message-ID: References: <20121002234934.GA9194@www.outflux.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-mm@kvack.org List-ID: To: Kees Cook Cc: linux-kernel@vger.kernel.org, Andrew Morton , Minchan Kim , Joe Perches , Kautuk Consul , linux-mm@kvack.org, Brad Spengler On Wed, 3 Oct 2012, Kees Cook wrote: > > So root does echo 0 > /proc/sys/kernel/kptr_restrict first. Again: what > > are you trying to protect? > > Only CAP_SYS_ADMIN can change the setting. This is, for example, for > containers, or other situations where a uid 0 process lacking > CAP_SYS_ADMIN cannot see virtual addresses. It's a very paranoid case, > yes, but it's part of how this feature was designed. Think of it as > supporting the recent uid 0 vs ring 0 boundary. :) > The intention of /proc/vmallocinfo being S_IRUSR is obviously to only allow root to read this information to begin with, so if root lacks CAP_SYS_ADMIN then it seems the best fix would be to return an empty file on read()? Or give permission to everybody to read it but only return a positive count when they have CAP_SYS_ADMIN? There's no need to make this so convoluted that you need to have the right combination of uid, kptr_restrict, CAP_SYS_ADMIN, and CAP_SYSLOG to get anything valuable out of this file, though. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org