
Protecting /proc/slabinfo

Posted Mar 10, 2011 17:54 UTC (Thu) by rilder (guest, #59804)
Parent article: Protecting /proc/slabinfo

Every now and then, we see exploit-related issues concerning either procfs or sysfs. So rather than disallowing files like /proc/slabinfo individually, we should disable all and whitelist only a few to be read by a non-root user, all others requiring root permission. It can be made an optional CONFIG_XXX bool entry for now to help distros in transition, making it compulsory in future versions.



Protecting /proc/slabinfo

Posted Mar 10, 2011 20:06 UTC (Thu) by nevets (subscriber, #11875)

hehe, this reminds me of that old saying:

"When all you have is a hammer, everything looks like a nail."

Not saying it's a bad idea. I'm just saying it reminds me of that saying.

Protecting /proc/slabinfo

Posted Mar 15, 2011 22:47 UTC (Tue) by steffen780 (guest, #68142)

+1. Enumerating the bad simply doesn't scale. How many times will this discussion be held? Adding this kernel option, then defaulting to yes in a couple of years once the whitelist is sufficiently populated, seems to be the perfect solution.

