Date: Sun, 30 Oct 2011 18:09:40 +0100 From: richard -rw- weinberger <richard.weinberger@...il.com> To: Arnd Bergmann <arnd@...db.de> Cc: Vasiliy Kulikov <segoon@...nwall.com>, linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com, Andrew Morton <akpm@...ux-foundation.org>, Greg Kroah-Hartman <gregkh@...e.de>, "David S. Miller" <davem@...emloft.net> Subject: Re: [RFC 0/5 v4] procfs: introduce hidepid=, hidenet=, gid= mount options On Thu, Jun 16, 2011 at 12:40 PM, Arnd Bergmann <arnd@...db.de> wrote: > On Thursday 16 June 2011, Vasiliy Kulikov wrote: >> > I have no opinion on whether it's a good idea to include the feature or not. >> >> Why not? Have you some specific complains where it can be perhaps too >> strong/insufficient/non-configurable? > > No, not at all. I just haven't had the need for this myself, and I'm not > enough of a security person to judge whether the vulnerability addressed > by the patch is a relevant one. E.g. if all the sensitive information > you are hiding in procfs is still available through netlink, your patch > is pointless. Similarly if there is no recorded case of an attack that > relies on any of the information in procfs. > Is this interface somewhere documented? IOW how is it possible to get all processes via netlink? -- Thanks, //richard
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.