Re: [PATCH 3/7] procfs privacy: misc. entries

From: Lorenzo Hernández García-Hierro
Date: Mon Apr 18 2005 - 14:53:05 EST

Next message: Lorenzo Hernández García-Hierro: "Re: [PATCH 0/7] procfs privacy"
Previous message: Arjan van de Ven: "Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation"
In reply to: Dave Jones: "Re: [PATCH 3/7] procfs privacy: misc. entries"
Next in thread: David Wagner: "Re: [PATCH 3/7] procfs privacy: misc. entries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

El lun, 18-04-2005 a las 15:05 -0400, Dave Jones escribió:
> This is utterly absurd. You can find out anything thats in /proc/cpuinfo
> by calling cpuid instructions yourself.

Right, it doesn't make it worthy enough to represent any risk.

> Please enlighten me as to what security gains we achieve
> by not allowing users to see this ?

It's more obscurity than anything else. At least that's what privacy
means usually. It doesn't assure at all the unavailability of your
information to others, it just tries to hide it from the public eye.

> Restricting lots of the other files are equally absurd.
>
> I'd also be very surprised if various random bits of userspace
> broke subtley due to this nonsense.

I agree, as an example, grsecurity allows the configuration of a group
with rights over the restricted entries, that's why I split up the patch
for these entries.

Thanks for the comments.

Cheers.
--
Lorenzo Hernández García-Hierro <lorenzo@xxxxxxx>
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Lorenzo Hernández García-Hierro: "Re: [PATCH 0/7] procfs privacy"
Previous message: Arjan van de Ven: "Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation"
In reply to: Dave Jones: "Re: [PATCH 3/7] procfs privacy: misc. entries"
Next in thread: David Wagner: "Re: [PATCH 3/7] procfs privacy: misc. entries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]