Re: [PATCH] add umask parameter to procfs

From: Herbert Poetzl
Date: Thu Feb 17 2005 - 20:52:05 EST

Next message: Bernard Blackham: "Re: Swsusp, resume and kernel versions"
Previous message: Badari Pulavarty: "Re: -rc3 leaking NOT BIO [Was: Memory leak in 2.6.11-rc1?]"
In reply to: Andrew Morton: "Re: [PATCH] add umask parameter to procfs"
Next in thread: Debian User: "Re: [PATCH] add umask parameter to procfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 17, 2005 at 03:41:19PM -0800, Andrew Morton wrote:
> Rene Scharfe <rene.scharfe@xxxxxxxxxxxxxx> wrote:
> >
> > Add proc.umask kernel parameter. It can be used to restrict permissions
> > on the numerical directories in the root of a proc filesystem, i.e. the
> > directories containing process specific information.
> >
> > E.g. add proc.umask=077 to your kernel command line and all users except
> > root can only see their own process details (like command line
> > parameters) with ps or top. It can be useful to add a bit of privacy to
> > multi-user servers.
> >
> > The patch has been inspired by a similar feature in GrSecurity.
> >
> > It could have also been implemented as a mount option to procfs, but at
> > a higher cost and no apparent benefit -- changes to this umask are not
> > supposed to happen very often. Actually, the previous incarnation of
> > this patch was implemented as a half-assed mount option, but I didn't
> > know then how easy it is to add a kernel parameter.
>
> The feature seems fairly obscure, although very simple.
> Is anyone actually likely to use this?

what about parents (and especially the init process)
some tools like pstree (or ps in certain cases) depend
on their visibility/accessability ...

was this tested except for the trivial case where
just plain everything is visible?

what if you want to change it afterwards (when tools
did break)?

best,
Herbert

> > +static umode_t umask = 0;
>
> a) I think the above should be called proc_umask.
>
> b) You shouldn't initialise it.
>
> c) When adding a kernel parameter you should update
> Documentation/kernel-parameters.txt
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bernard Blackham: "Re: Swsusp, resume and kernel versions"
Previous message: Badari Pulavarty: "Re: -rc3 leaking NOT BIO [Was: Memory leak in 2.6.11-rc1?]"
In reply to: Andrew Morton: "Re: [PATCH] add umask parameter to procfs"
Next in thread: Debian User: "Re: [PATCH] add umask parameter to procfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]