| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.01.1103251418300.4945@trent.utfs.org> Date: Fri, 25 Mar 2011 14:24:48 -0700 (PDT) From: Christian Kujau <lists@...dbynature.de> To: Al Viro <viro@...IV.linux.org.uk> cc: Daniel Reichelt <debian@...htgeist.net>, LKML <linux-kernel@...r.kernel.org> Subject: Re: procfs: boot- and runtime configurable access mode for /proc/<pid> dirs Not sure If I understand correctly, but: On Thu, 24 Mar 2011 at 20:37, Al Viro wrote: > Bull. /proc/<pid>/foo contents is sensitive, your patch doesn't do > you any good. fork(), open /proc/<child's PID>/foo in parent, then > exec suid-root binary in child. ...you would have to roll your own suid-root binary to be able to look into other /proc/PID directories, no? But making a binary suid-root requires root to begin with. I'd love to finally have a more restrictive /proc directory. Even if it only makes things "harder" (not necessarily "impossible") to get information from user users on the same box. Christian. -- BOFH excuse #216: What office are you in? Oh, that one. Did you know that your building was built over the universities first nuclear research site? And wow, aren't you the lucky one, your office is right over where the core is buried! -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists