oss-sec mailing list archives
Re: [Security] [oss-security] Re: /proc infoleaks
From: Willy Tarreau <w () 1wt eu>
Date: Mon, 13 Sep 2010 23:24:06 +0200
On Tue, Sep 07, 2010 at 09:19:03PM +0200, Marcus Meissner wrote:
or something like a umask for kernel-owned proc entries so that you have a polite default and are still able to enable it for certain profiling tools or whereever you need it.chmod 0440 /proc/slabinfoHeh, indeed. :-) Would it be a bad idea to have proc_create() use a more strict mode so it is non-leaking by default?Yeah, sane and a bit more strict, defaults are missing. The little pieces of information leakage out of the kernel should be fixed, to raise the bar for kernel exploits in little steps at a time.
Personally, I don't see why slabinfo could represent a threat. I'm regularly using it as a normal user just to check where all my RAM is going from time to time. The more we restrict access to harmless information, the more we'll have sudoers in the wild for special users who need special accesses. And sudoers are generally not as well managed as permissions, believe me ;-) Cheers, Willy
Current thread:
- /proc infoleaks Sebastian Krahmer (Sep 07)
- Re: [Security] /proc infoleaks Andrew Morton (Sep 07)
- Re: [Security] /proc infoleaks Sebastian Krahmer (Sep 07)
- Re: Re: [Security] /proc infoleaks Marcus Meissner (Sep 07)
- Re: [Security] [oss-security] Re: /proc infoleaks Willy Tarreau (Sep 13)
- Re: [Security] /proc infoleaks Sebastian Krahmer (Sep 07)
- Re: Re: [Security] /proc infoleaks Jon Oberheide (Sep 07)
- Re: Re: [Security] /proc infoleaks Andrew Morton (Sep 07)
- Re: [Security] [oss-security] Re: /proc infoleaks Andrew Morton (Sep 07)
- Re: [Security] [oss-security] Re: /proc infoleaks Brad Spengler (Sep 07)
- Re: Re: [Security] [oss-security] Re: /proc infoleaks Sebastian Krahmer (Sep 07)
- Re: Re: [Security] [oss-security] Re: /proc infoleaks Brad Spengler (Sep 08)
- Re: [Security] /proc infoleaks Andrew Morton (Sep 07)
- Re: [Security] [oss-security] Re: /proc infoleaks Linus Torvalds (Sep 07)