On Wed, Jun 10, 2020 at 9:37 PM Valdis Klētnieks <valdis.kletnieks@xxxxxx> wrote: > > On Wed, 10 Jun 2020 08:24:17 -0600, jim.cromie@xxxxxxxxx said: > > Id like to ask about a possible new use for file and directory sticky bits, > > or setuid bits, to address the root-only use of /proc (etc) files > > The sticky bit and setuid/gid bits already have meanings for directories, > and changing the semantics will break existing code. > ok, Id more or less expected this. the only escape might have been that those meanings pertain to a "real" FS, and might be irrelevant to a synthetic/virtual fs like /proc or /sys > > this needs root > > > > echo module kvm +p > /proc/dynamic_debug/control > > > > how about this ? > > > > cat root-owned-readonly-file > /proc/dynamic_debug/control > > Nope, doesn't work that way, because the file in /proc has no way to tell that > it's cat doing it from a root-owned file, versus cat doing it from a > hacker-owned file. As far as the /proc file is concerned, the "echo" and "cat" > commands are identical. > > If you have an actual need for non-root users to do this, there's always the > fact that 'sudo' can be restricted to specific commands for the user, and/or > the use of set-UID helper programs that validate the request and then issue it > on the user's behalf. > I have no actual need, more just wondering aloud. thanks Jim _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
