Date: Thu, 25 Apr 2024 17:25:53 -0400
From: Kent Overstreet
To: Suren Baghdasaryan
Cc: Matthew Wilcox, Kees Cook, Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] alloc_tag: Tighten file permissions on /proc/allocinfo

On Thu, Apr 25, 2024 at 02:21:39PM -0700, Suren Baghdasaryan wrote:
> On Thu, Apr 25, 2024 at 2:04 PM Kent Overstreet wrote:
> >
> > On Thu, Apr 25, 2024 at 09:51:56PM +0100, Matthew Wilcox wrote:
> > > On Thu, Apr 25, 2024 at 04:45:51PM -0400, Kent Overstreet wrote:
> > > > On Thu, Apr 25, 2024 at 01:08:50PM -0700, Kees Cook wrote:
> > > > > The /proc/allocinfo file exposes a tremendous amount of information about
> > > > > kernel build details, memory allocations (obviously), and potentially
> > > > > even image layout (due to ordering). As this is intended to be consumed
> > > > > by system owners (like /proc/slabinfo), use the same file permissions as
> > > > > there: 0400.
> > > >
> > > > Err...
> > > >
> > > > The side effect of locking down more and more reporting interfaces is
> > > > that programs that consume those interfaces now have to run as root.
> > >
> > > sudo cat /proc/allocinfo | analyse-that-fie
> >
> > Even that is still an annoyance, but I'm thinking more about a future
> > daemon to collect this every n seconds - that really shouldn't need to
> > be root.
>
> Yeah, that would preclude some nice usecases. Could we maybe use
> CAP_SYS_ADMIN checks instead? That way we can still use it from a
> non-root process?

A sysctl would be more in line with what we do for perf.

Capabilities aren't very usable, and CAP_SYS_ADMIN is already way too
much of an everything bucket.
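
The three gating options raised in this thread (mode 0400, a CAP_SYS_ADMIN check, a perf-style sysctl), modelled in userspace C as an added example; it is not code from the thread or from the kernel. The `allow_*` helpers, the `allocmon` daemon, uid 997 and the sysctl levels are hypothetical, and the status text is constructed sample input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capability bit numbers as defined in <linux/capability.h>. */
enum { CAP_DAC_OVERRIDE = 1, CAP_DAC_READ_SEARCH = 2, CAP_SYS_ADMIN = 21 };

struct caller { const char *name; unsigned fsuid; uint64_t cap_eff; };

/* Extract the CapEff mask from /proc/<pid>/status text; 0 if absent. */
uint64_t parse_cap_eff(const char *status)
{
    const char *p = strstr(status, "CapEff:");
    unsigned long long mask = 0;
    return (p && sscanf(p + 7, "%llx", &mask) == 1) ? mask : 0;
}

static bool has_cap(const struct caller *c, int cap) { return (c->cap_eff >> cap) & 1; }

/* Root-owned file, mode 0400: owner read bit or a DAC-bypass capability.
 * CAP_SYS_ADMIN is not one of those, so it does not open the file. */
bool allow_mode_0400(const struct caller *c)
{
    return c->fsuid == 0 || has_cap(c, CAP_DAC_OVERRIDE) || has_cap(c, CAP_DAC_READ_SEARCH);
}

/* World-readable file whose open handler checks CAP_SYS_ADMIN (assumed design). */
bool allow_cap_check(const struct caller *c) { return has_cap(c, CAP_SYS_ADMIN); }

/* perf_event_paranoid-style knob (hypothetical): 0 = anyone, >0 = privileged only. */
bool allow_sysctl(const struct caller *c, int level)
{
    return level == 0 || has_cap(c, CAP_SYS_ADMIN);
}

int main(void)
{
    /* Constructed sample: status text of a non-root daemon granted only CAP_SYS_ADMIN. */
    const char *status = "Name:\tallocmon\nUid:\t997\t997\t997\t997\n"
                         "CapPrm:\t0000000000200000\nCapEff:\t0000000000200000\n";
    struct caller who[] = {
        { "root",             0,   0x1ffffffffffULL },
        { "daemon+SYS_ADMIN", 997, parse_cap_eff(status) },
        { "daemon, no caps",  997, 0 },
    };
    puts("caller             0400  cap-check  sysctl=1  sysctl=0");
    for (size_t i = 0; i < sizeof who / sizeof who[0]; i++)
        printf("%-18s %-5d %-10d %-9d %d\n", who[i].name, allow_mode_0400(&who[i]),
               allow_cap_check(&who[i]), allow_sysctl(&who[i], 1), allow_sysctl(&who[i], 0));
    return 0;
}
```

The middle row is the case the thread turns on: with 0400 alone, a non-root collector holding CAP_SYS_ADMIN is still refused, while the sysctl column shows the only setting under which a collector with no capabilities can read the file.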