Re: [RFC 0/5 v4] procfs: introduce hidepid=, hidenet=, gid= mountoptions

From: Vasiliy Kulikov
Date: Thu Jun 16 2011 - 09:34:19 EST

Next message: S, Venkatraman: "Re: [PATCH v4 00/12] mmc: use nonblock mmc requests to minimize latency"
Previous message: Tatyana Brokhman: "[PATCH/RFC 3/5] usb:g_zero: bulk in/out unittest support"
In reply to: Arnd Bergmann: "Re: [RFC 0/5 v4] procfs: introduce hidepid=, hidenet=, gid= mount options"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Arnd,

On Thu, Jun 16, 2011 at 13:40 +0200, Arnd Bergmann wrote:
> E.g. if all the sensitive information
> you are hiding in procfs is still available through netlink, your patch
> is pointless.

Ah, I've complitely missed this piece of a puzzle! :( With procfs, proc
connector and taskstats (probably, something else) should be restricted
too.

Thank you very much for this notice!

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: S, Venkatraman: "Re: [PATCH v4 00/12] mmc: use nonblock mmc requests to minimize latency"
Previous message: Tatyana Brokhman: "[PATCH/RFC 3/5] usb:g_zero: bulk in/out unittest support"
In reply to: Arnd Bergmann: "Re: [RFC 0/5 v4] procfs: introduce hidepid=, hidenet=, gid= mount options"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]