From: Topi Miettinen <toiwoton@gmail.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>
Cc: Luis Chamberlain <mcgrof@kernel.org>,
Alexey Dobriyan <adobriyan@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"open list:FILESYSTEMS (VFS and infrastructure)"
<linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH] proc: Allow restricting permissions in /proc/sys
Date: Wed, 13 Nov 2019 17:28:52 +0200 [thread overview]
Message-ID: <128e6282-8fa5-0d4b-62f2-0d7408b0d184@gmail.com> (raw)
In-Reply-To: <87ftir7rrw.fsf@x220.int.ebiederm.org>
On 13.11.2019 16.52, Eric W. Biederman wrote:
> Kees Cook <keescook@chromium.org> writes:
>
>> Ah! I see the v2 here now. :) Can you please include that in your
>> Subject next time, as "[PATCH v2] proc: Allow restricting permissions
>> in /proc/sys"? Also, can you adjust your MUA to not send a duplicate
>> attachment? The patch inline is fine.
>>
>> Please CC akpm as well, since I think this should likely go through the
>> -mm tree.
>>
>> Eric, do you have any other thoughts on this?
>
> This works seems to be a cousin of having a proc that is safe for
> containers.
>
> Which leads to the whole mess that hide_pid is broken in proc last I
> looked.
>
> So my sense is that what we want to do is not allow changing the
> permissions but to sort through what it will take to provide actual
> mount options to proc (that are per mount). Thus removing the sharing
> that is (currently?) breaking the hide_pid option.
>
> With such an infrastructure in place we can provide a mount option
> (possibly default on when mounted by non-root) that keeps anything that
> unprivileged users don't need out of proc. Which is likely to be most
> things except the pid files.
>
> It is something I probably should be working on, but I got derailed
> by the disaster that has that happened with mounting. Even after
> I gave code review and showed them how to avoid it the new mount api
> is still not possible to use safely.
Are you perhaps referring to proc modernization patch set:
https://lkml.org/lkml/2018/5/11/155
Getting that reviewed and committed would be awesome!
-Topi
next prev parent reply other threads:[~2019-11-13 15:29 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-04 12:07 [PATCH] proc: Allow restricting permissions in /proc/sys Topi Miettinen
2019-11-12 23:25 ` Kees Cook
2019-11-13 14:52 ` Eric W. Biederman
2019-11-13 15:28 ` Topi Miettinen [this message]
2019-11-13 0:35 ` Luis Chamberlain
2019-11-13 0:59 ` Luis Chamberlain
2019-11-13 10:44 ` Topi Miettinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=128e6282-8fa5-0d4b-62f2-0d7408b0d184@gmail.com \
--to=toiwoton@gmail.com \
--cc=adobriyan@gmail.com \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrof@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).