Re: [PATCH] Restrict procfs permissions

From: Al Viro
Date: Fri Jan 28 2005 - 23:42:17 EST

Next message: Al Viro: "Re: Possible bug in keyboard.c (2.6.10)"
Previous message: Greg KH: "Re: [PATCH 1/2] pci: Arch hook to determine config space size"
In reply to: Rene Scharfe: "[PATCH] Restrict procfs permissions"
Next in thread: Rene Scharfe: "Re: [PATCH] Restrict procfs permissions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jan 29, 2005 at 03:45:42AM +0100, Rene Scharfe wrote:
> The patch is inspired by the /proc restriction parts of the GrSecurity
> patch. The main difference is the ability to configure the restrictions
> dynamically. You can change the umask setting by running
>
> # mount -o remount,umask=007 /proc
>
> Testing has been *very* light so far -- it compiles and boots. Patch is
> against 2.6.11-rc2-bk6.
>
> Comments are very welcome.

It leaves already existing inodes with whatever mode they used to have.
_IF_ you want to do that sort of things, do it right - add ->permission()
that would apply that umask before checks and if you want it to be seen
in results of stat(2) - add ->gettattr() and do the same there.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Al Viro: "Re: Possible bug in keyboard.c (2.6.10)"
Previous message: Greg KH: "Re: [PATCH 1/2] pci: Arch hook to determine config space size"
In reply to: Rene Scharfe: "[PATCH] Restrict procfs permissions"
Next in thread: Rene Scharfe: "Re: [PATCH] Restrict procfs permissions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]