| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFLxGvxSBV9yF2AjXR5A3e-yLDXqMpS+GUFip1JhtzUc5Q0org@mail.gmail.com> Date: Sun, 30 Oct 2011 18:09:40 +0100 From: richard -rw- weinberger <richard.weinberger@...il.com> To: Arnd Bergmann <arnd@...db.de> Cc: Vasiliy Kulikov <segoon@...nwall.com>, linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com, Andrew Morton <akpm@...ux-foundation.org>, Greg Kroah-Hartman <gregkh@...e.de>, "David S. Miller" <davem@...emloft.net> Subject: Re: [RFC 0/5 v4] procfs: introduce hidepid=, hidenet=, gid= mount options On Thu, Jun 16, 2011 at 12:40 PM, Arnd Bergmann <arnd@...db.de> wrote: > On Thursday 16 June 2011, Vasiliy Kulikov wrote: >> > I have no opinion on whether it's a good idea to include the feature or not. >> >> Why not? Have you some specific complains where it can be perhaps too >> strong/insufficient/non-configurable? > > No, not at all. I just haven't had the need for this myself, and I'm not > enough of a security person to judge whether the vulnerability addressed > by the patch is a relevant one. E.g. if all the sensitive information > you are hiding in procfs is still available through netlink, your patch > is pointless. Similarly if there is no recorded case of an attack that > relies on any of the information in procfs. > Is this interface somewhere documented? IOW how is it possible to get all processes via netlink? -- Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists