Re: [PATCH] Make /proc/slabinfo 0400

[Theodore Tso]

On Mar 3, 2011, at 5:30 PM, Dan Rosenberg wrote:

> I appreciate your input on this, you've made very reasonable points.
> I'm just not convinced that those few real users are being substantially
> inconvenienced, even if there's only a small benefit for the larger
> population of users who are at risk for attacks.  Perhaps others could
> contribute their opinions to the discussion.

Being able to monitor /proc/slabinfo is incredibly useful for finding various
kernel problems.  We can see if some part of the kernel is out of balance,
and we can also find memory leaks.   I once saved a school system's Linux
deployment because their systems were crashing once a week, and becoming
progressively more unreliable before they crashed, and the school board
was about to pull the plug.

Turned out the "virus scanner" was a piece of garbage that slowly leaked
memory over time, and since it was proprietary code that was loaded as 
a kernel module, it showed up in /proc/slabinfo.   If it had been protected
it would have been much harder for me to get access to such debugging
data.

I wonder if there is some other change we could make to the slab allocator
that would make it harder for exploit writers without having to protect the
/proc/slabinfo file.  For example, could we randomly select different free 
objects in a page instead of filling them in sequentially?

-- Ted

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/