On Thu, Apr 25, 2024 at 2:04 PM Kent Overstreet <kent.overstreet@xxxxxxxxx> wrote: > > On Thu, Apr 25, 2024 at 09:51:56PM +0100, Matthew Wilcox wrote: > > On Thu, Apr 25, 2024 at 04:45:51PM -0400, Kent Overstreet wrote: > > > On Thu, Apr 25, 2024 at 01:08:50PM -0700, Kees Cook wrote: > > > > The /proc/allocinfo file exposes a tremendous about of information about > > > > kernel build details, memory allocations (obviously), and potentially > > > > even image layout (due to ordering). As this is intended to be consumed > > > > by system owners (like /proc/slabinfo), use the same file permissions as > > > > there: 0400. > > > > > > Err... > > > > > > The side effect of locking down more and more reporting interfaces is > > > that programs that consume those interfaces now have to run as root. > > > > sudo cat /proc/allocinfo | analyse-that-fie > > Even that is still an annoyance, but I'm thinking more about a future > daemon to collect this every n seconds - that really shouldn't need to > be root. Yeah, that would preclude some nice usecases. Could we maybe use CAP_SYS_ADMIN checks instead? That way we can still use it from a non-root process? > > And the "lock everything down" approach really feels like paranoia gone > too far - what's next, /proc/cpuinfo? Do we really want to go the > Windows approach of UAC pop ups for everything? I'd rather be going the > opposite direction, of making it as easy as possible for users to see > what's going on with their machine. > > Instead, why not a sysctl, like we already have for perf? > > The concern about leaking image layout could be addressed by sorting the > output before returning to userspace.
