Date: Mon, 20 Jun 2011 20:23:28 +0900 From: KOSAKI Motohiro <kosaki.motohiro@...il.com> To: James Morris <jmorris@...ei.org> Cc: Vasiliy Kulikov <segoon@...nwall.com>, kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [RFC 2/5 v4] procfs: add hidepid= and gid= mount options 2011/6/20 James Morris <jmorris@...ei.org>: > On Mon, 20 Jun 2011, Vasiliy Kulikov wrote: > >> > Can you provide evidence that this is a useful feature? e.g. examples of >> > exploits / techniques which would be _usefully_ hampered or blocked. >> >> First, most of these files are usefull in sense of statistics gathering >> and debugging. There is no reason to provide this information to the >> world. >> >> Second, yes, it blocks one source of information used in timing attacks, >> just use reading the counters as more or less precise time measurement >> when actual timing measurements are not precise enough. > > Can you provide concrete examples? Vasiliy, I'm now stand aside James. I mean, if we don't understand your usecase clearly. we can't gurantee to don't break the feature in the future. So, we strongly hope to understand it. Moreover, _now_ I haven't understand your concrete usecase, and then _I_ can't review and be convinced your code. Please please avoid one line answer as far as possible, please provide us more information.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ