Topi Miettinen <toiwoton@xxxxxxxxx> writes:

> On 4.11.2019 17.44, Eric W. Biederman wrote:
>> Do you have specific examples of the cases where you would like to
>> change the permissions?
>
> Unprivileged applications typically do not need to access most items
> in /proc/sys, so I'd like to gradually find out which are needed. So
> far I've seen no problems with 0500 mode for directories abi, crypto,
> debug, dev, fs, user or vm.
>
>> But if there is no problem in letting everyone access the information
>> why reduce the permissions?
>
> I'm also using systemd's InaccessiblePaths to limit access (which
> mounts an inaccessible directory over the path), but that's a bit too
> big a hammer. For example there are over 100 files in /proc/sys/kernel,
> perhaps there will be issues when creating a mount for each, and that
> multiplied by a number of services.
My sense is that if there is any kind of compelling reason to make
world-readable values not world-readable, and it doesn't break anything
(except malicious applications) then a kernel patch is probably the way
to go.

Policy knobs like this on proc tend to break in normal maintenance
because they are not used enough so I am not a big fan of adding policy
knobs just because we can.
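The thread turns on which /proc/sys entries an unprivileged user can actually read once a directory such as vm or fs is set to 0500. The following POSIX sh script is an added example, not code from either poster or from the kernel tree: it audits a sysctl-style tree and reports only the entries that are *effectively* readable by "other", i.e. the entry itself carries o+r and every directory between the audit root and the entry carries o+x (a 0500 directory therefore hides everything beneath it, which is the point Topi relies on). The function names, the default root of /proc/sys, and the constructed sample tree built by make_sample_tree are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): find which entries under a sysctl-style
# tree an unprivileged process can really read, taking parent-directory
# search (x) bits into account rather than just the entry's own mode.

# Mode string of one path as printed by ls -ld, e.g. "drwxr-xr-x" (POSIX).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Succeeds when "other" has the read bit on the entry.
other_readable() {
    case "$(mode_of "$1")" in ???????r??) return 0 ;; esac
    return 1
}

# Succeeds when "other" has the search bit on a directory (x or t).
other_searchable() {
    case "$(mode_of "$1")" in ?????????[xt]) return 0 ;; esac
    return 1
}

# Succeeds only if the entry is o+r AND every directory from the audit root
# (inclusive) down to the entry is o+x; otherwise "other" cannot reach it.
effectively_world_readable() {
    ewr_entry="$1"; ewr_root="$2"
    other_readable "$ewr_entry" || return 1
    ewr_dir="$ewr_entry"
    while [ "$ewr_dir" != "$ewr_root" ] && [ "$ewr_dir" != "/" ]; do
        ewr_dir="$(dirname "$ewr_dir")"
        other_searchable "$ewr_dir" || return 1
    done
    return 0
}

# Print every effectively world-readable path under a root (default /proc/sys).
# Errors from directories we cannot enter are silenced; those entries are
# unreachable for us anyway.
list_world_readable() {
    lwr_root="${1:-/proc/sys}"
    find "$lwr_root" 2>/dev/null | sort | while IFS= read -r p; do
        effectively_world_readable "$p" "$lwr_root" && printf '%s\n' "$p"
    done
}

# Number of effectively world-readable entries (handy before/after a change).
count_world_readable() { list_world_readable "$1" | wc -l | tr -d ' '; }

# Number of directories whose mode is exactly 0500, the mode the thread
# proposes for abi, crypto, debug, dev, fs, user and vm.
count_0500_dirs() {
    find "${1:-/proc/sys}" -type d -perm 0500 2>/dev/null | wc -l | tr -d ' '
}

# Constructed sample tree (an assumption of this example, not real procfs):
# kernel/ stays open, vm/ and fs/ are locked to 0500 like the thread describes.
make_sample_tree() {
    base="$(mktemp -d)"
    mkdir -p "$base/kernel" "$base/vm" "$base/fs"
    : > "$base/kernel/hostname"
    : > "$base/vm/swappiness"
    : > "$base/fs/file-max"
    chmod 0644 "$base/kernel/hostname" "$base/vm/swappiness" "$base/fs/file-max"
    chmod 0555 "$base/kernel"
    chmod 0500 "$base/vm" "$base/fs"   # directory itself blocks "other"
    chmod 0555 "$base"                 # audit root is traversable like /proc/sys
    printf '%s\n' "$base"
}
```

On a live system, `list_world_readable /proc/sys` run as a non-root user shows exactly the set of sysctls that survive whatever 0500 directories or InaccessiblePaths mounts are in place; on the constructed tree, vm/swappiness and fs/file-max are 0644 yet never appear, because their parent directories deny search to "other".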