[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20070711224207.48F464D0555@magilla.localdomain>
Date: Wed, 11 Jul 2007 15:42:07 -0700 (PDT)
From: Roland McGrath <roland@...hat.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 6/7] Add /sys/kernel/notes
> Ok, that doesn't sound bad. Is the "note" something global for the whole
> thing, or are there per-object file notes that you can parse (ie can you
> figure out which modules are linked in some way?)
Usually there is one per final link, so one in vmlinux and one in each .ko.
There is nothing you can figure out from the bitstring except to match it
with known binaries.
> If it's basically just a set of hashes, I won't worry.
It's just one hash. (Each .ko has one too, but I didn't bother with the
/sys/module/name/notes hack because it was too much trouble.)
> Is there any reason for it to be readable by anybody but the sysadmin?
> It's not like you're likely to do things like kernel debugging without
> root privileges?
I do kernel debugging all the time, but I am not usually root. It's not
that I can't be root any time, of course--I'm usually using a machine where
I can sudo with no password. But when I was young they taught me not to be
root whenever you don't have to, because I know I'm bound to break
something with a slip of the finger even when I surely ought to know
better. So I don't run analysis tools as root, just use sudo when I need
to actually change something, or fetch a protected log to look at.
> So if the *common* thing is that normally people have root who really
> care, and the distro could (if it wants to) just chmod the /sysfs file
> appropriately, maybe that would allow the best of both worlds? Just
> default to it being root-readable, but let the distro override it at
> boot-time?
If distros are prepared for the notion of chmod's in /sys, that sounds
fine. I presume you would want to uniformly change most of /sys, where
many things in /sys/module and /sys/kernel can be pretty revealing. Like I
said, I have no special opinions about the permissions. On all the systems
I use myself, everyone has ready access to the complete source and binaries
anyway (and can run dmesg).
Thanks,
Roland
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists