Re: [PATCH] Restrict procfs permissions

[Rene Scharfe]

Al Viro wrote:
> On Sat, Jan 29, 2005 at 03:45:42AM +0100, Rene Scharfe wrote:
>
> > The patch is inspired by the /proc restriction parts of the
> > GrSecurity patch.  The main difference is the ability to configure
> > the restrictions dynamically.  You can change the umask setting by
> > running
> >
> > # mount -o remount,umask=007 /proc
> >
> > Testing has been *very* light so far -- it compiles and boots.
> > Patch is against 2.6.11-rc2-bk6.
> >
> > Comments are very welcome.
>
>
> It leaves already existing inodes with whatever mode they used to
> have.

I said "configure the restrictions dynamically" but I meant "doesn't
need a recompile to change settings".  I expect the umask to be
specified in /etc/fstab and rarely changed in a running system.  With
that in mind I think the patch is useful as-is, especially because it's
so small.  But I agree, that thing is a dirty hack. :]

> _IF_ you want to do that sort of things, do it right - add
> ->permission() that would apply that umask before checks and if you
> want it to be seen in results of stat(2) - add ->gettattr() and do
> the same there.

Aww, that sounds expensive.  My favourite solution would be to only 
allow the umask to be changed at mount time, not when remounting.

Calling parse_options from proc_fill_super, only and not from 
proc_remount does not help very much because proc_fill_super is only 
called at boot (or proc module load time).  Is there another way?

While we are here: how would one change the uid or gid parameter? With a 
built-in proc fs the mount -a -t proc in the init scripts only results 
in a proc_remount call which (in mainline) doesn't bother looking at 
parameters at all.  The same is true for a unmount, mount sequence.

Thanks,
Rene
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/