| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110518163951.GA24143@suse.de> Date: Wed, 18 May 2011 09:39:51 -0700 From: Greg KH <gregkh@...e.de> To: Vasiliy Kulikov <segooon@...il.com> Cc: linux-kernel@...r.kernel.org, Kees Cook <kees.cook@...onical.com>, Eugene Teo <eugeneteo@...il.com> Subject: Re: [RFC] add mount options to sysfs On Wed, May 18, 2011 at 08:31:44PM +0400, Vasiliy Kulikov wrote: > Currently there is no good way to effectively globally restrict an > access to sysfs files. It's possible only to chmod the sysfs' > root/directories to fully deny access to sysfs (sub-)tree to some users > or chmod files after they are created. The latter approach is racy, > however. Why do you want to do this? What is in sysfs files that is not gloabally ok to access? That should be fixed first, if at all, instead of wanting to modify the whole sysfs tree, right? > The patch introduces sysfs mount options parsing and adds 4 new options: > uid, gid, mode and umask. uid, gid, and umask are classical options, > mode is a global restricting mode mask that defined the most relaxed > possible file mode. E.g. if mode=0750 then "chmod 0664" changes file's > permissions to 0640. What is going to break if you do this? Have you tested it? I'd be very worried about this. Again, what's the root problem you are trying to solve here? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists