Re: [PATCH] Restrict procfs permissions
From: Al Viro (viro_at_parcelfarce.linux.theplanet.co.uk)
Date: 01/29/05
- Previous message: Greg KH: "Re: [PATCH 1/2] pci: Arch hook to determine config space size"
- In reply to: Rene Scharfe: "[PATCH] Restrict procfs permissions"
- Next in thread: Rene Scharfe: "Re: [PATCH] Restrict procfs permissions"
- Reply: Rene Scharfe: "Re: [PATCH] Restrict procfs permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 29 Jan 2005 04:41:09 +0000 To: Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
On Sat, Jan 29, 2005 at 03:45:42AM +0100, Rene Scharfe wrote:
> The patch is inspired by the /proc restriction parts of the GrSecurity
> patch. The main difference is the ability to configure the restrictions
> dynamically. You can change the umask setting by running
>
> # mount -o remount,umask=007 /proc
>
> Testing has been *very* light so far -- it compiles and boots. Patch is
> against 2.6.11-rc2-bk6.
>
> Comments are very welcome.
It leaves already existing inodes with whatever mode they used to have.
_IF_ you want to do that sort of things, do it right - add ->permission()
that would apply that umask before checks and if you want it to be seen
in results of stat(2) - add ->gettattr() and do the same there.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- Previous message: Greg KH: "Re: [PATCH 1/2] pci: Arch hook to determine config space size"
- In reply to: Rene Scharfe: "[PATCH] Restrict procfs permissions"
- Next in thread: Rene Scharfe: "Re: [PATCH] Restrict procfs permissions"
- Reply: Rene Scharfe: "Re: [PATCH] Restrict procfs permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
