On 2016-04-14 13:40, Linus Torvalds wrote:
>
> Actually, %pK is horrible in /proc and /sys files, and does the wrong
> thing.
>

I agree with that, but for now there is no way to make things right in /proc or /sys.

>
> A file access should use "file->f_cred", but the seq_file interface
> sadly doesn't expose any way to do that.
>
> I'll take a look, but it's non-trivial to get right. %pK turns out to
> have been seriously mis-designed, and is basically almost always a
> bug.
>
> Linus

In another way, maybe it's good to remove code dependencies on /proc sensitive files like /proc/iomem.

Kees Cook: "it looks like at least Ubuntu's kernel security test suite expects to find these entries (when it verifies that STRICT_DEVMEM hasn't regressed)"

Freeman Zhang: "Removal of these information causes 'kexec/kdump' to fail in the newer kernel"

Removing such dependencies would make things better and code/bss/data sections could be removed.
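An added example, not part of the original message and not code from the kernel or from any test suite: a Python check that classifies the kernel code/data/bss entries in /proc/iomem-style text as exposed, masked or missing, which is the kind of dependency the message discusses. Both sample listings are constructed, and treating an all-zero range as a hidden address is an assumption of this example.

```python
import re

# Constructed sample in /proc/iomem layout, with real-looking addresses.
SAMPLE_PRIVILEGED = """\
00000000-00000fff : reserved
00001000-0009fbff : System RAM
00100000-bffdffff : System RAM
  01000000-01c0ffff : Kernel code
  01c10000-0228afff : Kernel data
  02420000-0258ffff : Kernel bss
fec00000-fec003ff : IOAPIC 0
"""

# Constructed sample: same layout, every range printed as zeros
# (assumed here to be how a hidden address is presented).
SAMPLE_MASKED = """\
00000000-00000000 : reserved
00000000-00000000 : System RAM
  00000000-00000000 : Kernel code
  00000000-00000000 : Kernel data
  00000000-00000000 : Kernel bss
00000000-00000000 : IOAPIC 0
"""

LINE = re.compile(r"^(\s*)([0-9a-fA-F]+)-([0-9a-fA-F]+) : (.*)$")
KERNEL_SECTIONS = ("Kernel code", "Kernel data", "Kernel bss")

def parse_iomem(text):
    """Yield (depth, start, end, name); depth is the two-space nesting level."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            indent, start, end, name = m.groups()
            yield len(indent) // 2, int(start, 16), int(end, 16), name.strip()

def audit_kernel_sections(text):
    """Map each kernel section name to 'missing', 'masked' or 'exposed'."""
    status = {name: "missing" for name in KERNEL_SECTIONS}
    for _depth, start, end, name in parse_iomem(text):
        if name in status:
            status[name] = "masked" if start == 0 and end == 0 else "exposed"
    return status

if __name__ == "__main__":
    for label, text in (("privileged", SAMPLE_PRIVILEGED), ("masked", SAMPLE_MASKED)):
        print(label, audit_kernel_sections(text))
```

A tool that depends on these entries has to handle all three outcomes; "missing" is what it would see if the code/bss/data entries were removed as the message suggests.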