Date: Mon, 19 Sep 2011 09:40:19 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Balbir Singh <bsingharora@...il.com>
Cc: Vasiliy Kulikov <segoon@...nwall.com>, Shailabh Nagar <nagar@...ibm.com>, linux-kernel@...r.kernel.org, security@...nel.org, Eric Paris <eparis@...hat.com>, Stephen Wilson <wilsons@...rt.ca>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, David Rientjes <rientjes@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Balbir Singh <balbir@...ux.vnet.ibm.com>, kernel-hardening@...ts.openwall.com
Subject: Re: [Security] [PATCH 2/2] taskstats: restrict access to user

On Thu, Jun 30, 2011 at 8:02 PM, Balbir Singh <bsingharora@...il.com> wrote:
>>
>> So that's why I think it should be marked BROKEN. What applications
>> actually depend on this? iotop and what else? Because if it's just
>> iotop, I do suspect we might be better off telling people "ok,
>> disabling this will break iotop, but quite frankly, you're better off
>> without it".
>
> I beg to differ, due to the reasons above. I'd rather find time and
> fix the pending issues (network namespace), you've fixed the pid
> namespace issue. I'd also look for exiting listeners

So nothing ever happened on this thread, afaik. You can still read sensitive information at a byte granularity with taskstats. Balbir never sent any of the fixes he was supposed to, and none of the namespace issues have gotten fixed.

It's now almost three months later, and things are still equally broken.

I think we need to just disable TASKSTAT's. Nobody maintains it, it's been a known issue for months, people pointed out problems and even sent patches, and nothing happened.

Maybe we can minimize it with the appended patch, but dammit, we need to do *something*.

If I don't get any reasonable replies, I'm really going to have to mark this as known-BROKEN, since nothing ever happens, and the "maintainer" clearly doesn't care about security issues.

Linus

View attachment "patch.diff" of type "text/x-patch" (1481 bytes)