On Thu, 25 Apr 2024 15:42:30 -0700 Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> > The concern about leaking image layout could be addressed by sorting the
> > output before returning to userspace.
>
> It's trivial to change permissions from the default 0400 at boot time.
> It can even have groups and ownership changed, etc. This is why we have
> per-mount-namespace /proc instances:
>
> # chgrp sysmonitor /proc/allocinfo
> # chmod 0440 /proc/allocinfo
>
> Poof, instant role-based access control. :)

Conversely, the paranoid could set it to 0400 at boot also.

> I'm just trying to make the _default_ safe.

Agree with this. Semi-seriously, how about we set the permissions to 0000 and force distributors/users to make a decision.
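The chgrp/chmod dance quoted above, written out as an added example (not code from the thread or from the kernel tree): a small POSIX sh audit that classifies a file as owner-only (0400-style), group-readable (0440-style role-based access) or world-readable, plus a helper that applies the policy. The group name `sysmonitor` is Kees's illustration, not something the example assumes exists; the example assumes the target file accepts chmod/chgrp, as the thread says /proc/allocinfo does, and it is exercised on an ordinary temp file because /proc/allocinfo depends on the running kernel.

```shell
#!/bin/sh
# Added example, not part of the original mail thread.
# perm_class FILE: print which class of reader the mode bits admit.
# Only the group and other "r" bits are inspected, since the concern in
# the thread is who can read the allocation profile, not who can write it.
perm_class() {
    f=$1
    mode=$(ls -ld "$f" | cut -c1-10)      # e.g. -r--r-----
    grp=$(printf '%s' "$mode" | cut -c5)  # group read bit
    oth=$(printf '%s' "$mode" | cut -c8)  # other read bit
    if [ "$oth" = "r" ]; then
        echo world-readable
    elif [ "$grp" = "r" ]; then
        echo group-readable
    else
        echo owner-only
    fi
}

# harden FILE [GROUP]: with a group, grant that group read access and
# nothing to anyone else (0440, the RBAC variant from the thread);
# without a group, lock the file down to its owner (0400).
harden() {
    f=$1
    grp=${2:-}
    if [ -n "$grp" ]; then
        chgrp "$grp" "$f"
        chmod 0440 "$f"
    else
        chmod 0400 "$f"
    fi
}

# Usage on a real system (assumes a "sysmonitor" group exists; it is
# hypothetical here, taken from the thread's illustration):
#   harden /proc/allocinfo sysmonitor && perm_class /proc/allocinfo
# An init script or boot-time unit that runs this after /proc is mounted
# gives the per-distribution decision the thread asks for.
```

Running `perm_class` against the proc files of interest before and after boot scripts is the quick way to confirm that whatever default the kernel ships with has not been silently loosened by a distribution helper.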