On Thu, Apr 25, 2024 at 02:21:39PM -0700, Suren Baghdasaryan wrote: > On Thu, Apr 25, 2024 at 2:04 PM Kent Overstreet > <kent.overstreet@xxxxxxxxx> wrote: > > > > On Thu, Apr 25, 2024 at 09:51:56PM +0100, Matthew Wilcox wrote: > > > On Thu, Apr 25, 2024 at 04:45:51PM -0400, Kent Overstreet wrote: > > > > On Thu, Apr 25, 2024 at 01:08:50PM -0700, Kees Cook wrote: > > > > > The /proc/allocinfo file exposes a tremendous about of information about > > > > > kernel build details, memory allocations (obviously), and potentially > > > > > even image layout (due to ordering). As this is intended to be consumed > > > > > by system owners (like /proc/slabinfo), use the same file permissions as > > > > > there: 0400. > > > > > > > > Err... > > > > > > > > The side effect of locking down more and more reporting interfaces is > > > > that programs that consume those interfaces now have to run as root. > > > > > > sudo cat /proc/allocinfo | analyse-that-fie > > > > Even that is still an annoyance, but I'm thinking more about a future > > daemon to collect this every n seconds - that really shouldn't need to > > be root. > > Yeah, that would preclude some nice usecases. Could we maybe use > CAP_SYS_ADMIN checks instead? That way we can still use it from a > non-root process? A sysctl would be more in line with what we do for perf. Capabilities aren't very usable, and CAP_SYS_ADMIN is already way too much of an everything bucket.
