From: Willy Tarreau
To: Konstantin Khlebnikov
Cc: Ben Hutchings, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Naoya Horiguchi, Mark Williamson, Andrew Morton, Linus Torvalds
Date: Mon, 30 Nov 2015 13:13:34 +0100
Subject: Re: [PATCH 2.6.32 19/38] [PATCH 19/38] pagemap: hide physical addresses from non-privileged users
Message-ID: <20151130121334.GA2445@1wt.eu>
In-Reply-To: <565C37E7.1060102@yandex-team.ru>

On Mon, Nov 30, 2015 at 02:49:59PM +0300, Konstantin Khlebnikov wrote:
> On 30.11.2015 14:30, Willy Tarreau wrote:
> >+ /* do not disclose physical addresses: attack vector */
> >+ pm.show_pfn = !cap_capable(current, file->f_cred, CAP_SYS_ADMIN,
> >SECURITY_CAP_AUDIT);
> >+
>
> At first sight this is confusing... but correct. It really returns zero
> for success, unlike the new file_ns_capable which returns bool true.

Yes, it trapped me as well, the first attempt I made only allowed non-root
to read the pagemap!

> The rest looks good too.

OK thank you.

Willy
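
Review bot: on the `pm.show_pfn = !cap_capable(...)` line the negation is easy to misread, because cap_capable() returns zero when the capability is held rather than a boolean, and the comment above it only explains why PFNs are hidden. Suggest extending that comment to state the 0-on-success convention (or writing the test as `== 0`), so that a later cleanup or a conversion to file_ns_capable() does not invert the check. The comment could also say that the check is made against file->f_cred, the credentials of whoever opened the file, not those of the task performing the read.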
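
A userspace check for the behaviour this patch is meant to produce, as an added example that is not part of the thread or of the kernel patch: it reads one entry of the process's own /proc/self/pagemap and reports whether the PFN field is disclosed. The bit layout (bit 63 = present, bits 0-54 = PFN) follows the kernel's pagemap documentation; the names `classify_entry` and `read_self_entry` are hypothetical.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#define PM_PRESENT  (1ULL << 63)        /* bit 63: page is present in RAM   */
#define PM_PFN_MASK ((1ULL << 55) - 1)  /* bits 0-54: PFN when page present */

enum pfn_view { PFN_NOT_PRESENT, PFN_HIDDEN, PFN_EXPOSED };

/* Classify one 64-bit pagemap entry. A present page whose PFN field is
 * zero is what a reader sees when the kernel hides physical addresses. */
static enum pfn_view classify_entry(uint64_t entry)
{
    if (!(entry & PM_PRESENT))
        return PFN_NOT_PRESENT;   /* swapped or unmapped: low bits are not a PFN */
    return (entry & PM_PFN_MASK) ? PFN_EXPOSED : PFN_HIDDEN;
}

/* Read the pagemap entry covering addr in the calling process.
 * Returns 0 on success, -1 if the file cannot be opened or read. */
static int read_self_entry(const void *addr, uint64_t *entry)
{
    long psz = sysconf(_SC_PAGESIZE);
    int fd = open("/proc/self/pagemap", O_RDONLY);
    if (fd < 0)
        return -1;
    if (psz <= 0) {
        close(fd);
        return -1;
    }
    /* One 8-byte entry per virtual page, indexed by virtual page number. */
    off_t off = (off_t)((uintptr_t)addr / (uintptr_t)psz) * (off_t)sizeof(*entry);
    ssize_t n = pread(fd, entry, sizeof(*entry), off);
    close(fd);
    return n == (ssize_t)sizeof(*entry) ? 0 : -1;
}

int main(void)
{
    static char probe[1];
    uint64_t entry;
    *(volatile char *)probe = 1;  /* touch the page so it is faulted in */
    if (read_self_entry(probe, &entry) != 0) {
        perror("/proc/self/pagemap");
        return 2;
    }
    enum pfn_view v = classify_entry(entry);
    puts(v == PFN_EXPOSED ? "PFN exposed to this user" :
         v == PFN_HIDDEN  ? "PFN hidden from this user" : "page not present");
    return v == PFN_EXPOSED;  /* non-zero exit when a PFN is disclosed */
}
```

Run it as an unprivileged user on the patched kernel and again as root: the first run should report the PFN as hidden, the second as exposed.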