[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20191103175648.GA4603@mit.edu>
Date: Sun, 3 Nov 2019 12:56:48 -0500
From: "Theodore Y. Ts'o" <tytso@....edu>
To: Topi Miettinen <toiwoton@...il.com>
Cc: Luis Chamberlain <mcgrof@...nel.org>,
Kees Cook <keescook@...omium.org>,
Alexey Dobriyan <adobriyan@...il.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"open list:FILESYSTEMS (VFS and infrastructure)"
<linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH] Allow restricting permissions in /proc/sys
On Sun, Nov 03, 2019 at 04:55:48PM +0200, Topi Miettinen wrote:
> Several items in /proc/sys need not be accessible to unprivileged
> tasks. Let the system administrator change the permissions, but only
> to more restrictive modes than what the sysctl tables allow.
>
> Signed-off-by: Topi Miettinen <toiwoton@...il.com>
Why should restruct the system administrator from changing the
permissions to one which is more lax than what the sysctl tables?
The system administrator is already very much trusted. Why should we
take that discretion away from the system administrator?
- Ted
Powered by blists - more mailing lists