| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f41c7a5c-4f75-a9ea-c360-3949d27eedd3@intel.com>
Date: Fri, 25 Oct 2019 14:38:56 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: zhanglin <zhang.lin16@....com.cn>, dan.j.williams@...el.com
Cc: akpm@...ux-foundation.org, jgg@...pe.ca, mingo@...nel.org,
dave.hansen@...ux.intel.com, namit@...are.com, bp@...e.de,
christophe.leroy@....fr, rdunlap@...radead.org, osalvador@...e.de,
richardw.yang@...ux.intel.com, linux-kernel@...r.kernel.org,
xue.zhihong@....com.cn, wang.yi59@....com.cn,
jiang.xuexin@....com.cn
Subject: Re: [PATCH] kernel: Restrict permissions of /proc/iomem.
On 10/25/19 1:56 AM, zhanglin wrote:
> The permissions of /proc/iomem currently are -r--r--r--. Everyone can
> see its content. As iomem contains information about the physical memory
> content of the device, restrict the information only to root.
For me, running as non-root on 5.4.0-rc4, I see:
$ cat /proc/iomem
00000000-00000000 : Reserved
00000000-00000000 : System RAM
00000000-00000000 : Reserved
00000000-00000000 : PCI Bus 0000:00
00000000-00000000 : Video ROM
00000000-00000000 : pnp 00:00
00000000-00000000 : pnp 00:00
00000000-00000000 : pnp 00:00
All 0's since kernel/resource.c::r_show() does:
if (file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) {
start = r->start;
end = r->end;
} else {
start = end = 0;
}
Are you just looking at the file as root and assuming that users see the
same thing since they have read permissions?
Powered by blists - more mailing lists