Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 21 Sep 2011 22:20:54 -0400
To: Vasiliy Kulikov <>
Cc: Alan Cox <>, Pekka Enberg <>,
        Andrew Morton <>,, Kees Cook <>,
        Cyrill Gorcunov <>,
        Al Viro <>,
        Christoph Lameter <>,
        Matt Mackall <>,,, Dan Rosenberg <>,
        Theodore Tso <>, Jesper Juhl <>,
        Linus Torvalds <>,
        Greg KH <>, Peter Zijlstra <>,
        Paul Mackerras <>, Ingo Molnar <>,
        Arnaldo Carvalho de Melo <>
Subject: Re: Re: [RFC PATCH 2/2] mm: restrict access to /proc/slabinfo

On Wed, 21 Sep 2011 21:05:27 +0400, Vasiliy Kulikov said:
> Sorry, I've poorly worded my statement.  Of course I mean root-only
> slabinfo, not totally disable it.

Oh, that I can live with.. ;)

> Linus, Alan, Kees, and Dave are about to simply restrict slabinfo (and
> probably similar interfaces) to root.  Pekka is OK too.
> Christoph and Valdis are about to create new CONFIG_ option to be able
> to restrict the access to slabinfo/etc., but with old relaxed
> permissions.

I'm OK with a decision to just make the files mode 400 and be done with it,
since I can always stick a chmod in the startup scripts if it's *really* a problem.

Just that *if* we add a CONFIG_ option, it shouldn't be slabinfo-specific, but
should cover the *other* identified info-leakers in /proc and /sys as well.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.