Hi Andrew, On Wed, Sep 14, 2011 at 12:27 -0700, Kees Cook wrote: > On Sat, Sep 10, 2011 at 08:41:34PM +0400, Vasiliy Kulikov wrote: > > Historically /proc/slabinfo has 0444 permissions and is accessible to > > the world. slabinfo contains rather private information related both to > > the kernel and userspace tasks. Depending on the situation, it might > > reveal either private information per se or information useful to make > > another targeted attack. Some examples of what can be learned by > > reading/watching for /proc/slabinfo entries: > > ... > > World readable slabinfo simplifies kernel developers' job of debugging > > kernel bugs (e.g. memleaks), but I believe it does more harm than > > benefits. For most users 0444 slabinfo is an unreasonable attack vector. > > > > Signed-off-by: Vasiliy Kulikov <segoon@xxxxxxxxxxxx> > > Haven't had any mass complaints about the 0400 in Ubuntu (sorry Dave!), so > I'm obviously for it. > > Reviewed-by: Kees Cook <kees@xxxxxxxxxx> Looks like the members of the previous slabinfo discussion don't object against the patch now and it got two other Reviewed-by responses. Can you merge it as-is or should I probably convince someone else? Thanks, -- Vasiliy Kulikov http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>