Hi Vasiliy, On Sat, Sep 10, 2011 at 08:41:34PM +0400, Vasiliy Kulikov wrote: > Historically /proc/slabinfo has 0444 permissions and is accessible to > the world. slabinfo contains rather private information related both to > the kernel and userspace tasks. Depending on the situation, it might > reveal either private information per se or information useful to make > another targeted attack. Some examples of what can be learned by > reading/watching for /proc/slabinfo entries: > ... > World readable slabinfo simplifies kernel developers' job of debugging > kernel bugs (e.g. memleaks), but I believe it does more harm than > benefits. For most users 0444 slabinfo is an unreasonable attack vector. > > Signed-off-by: Vasiliy Kulikov <segoon@xxxxxxxxxxxx> Haven't had any mass complaints about the 0400 in Ubuntu (sorry Dave!), so I'm obviously for it. Reviewed-by: Kees Cook <kees@xxxxxxxxxx> -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>