[grsec] Grsec + slabinfo
Brad Spengler
spender at grsecurity.net
Sat May 29 09:42:53 EDT 2010
> Is this something that can get accepted into grsec? I'm not sure there
> are any serious security problems giving out this info to root. This
> would be like CONFIG_GRKERNSEC_PROC but for slabinfo rather than processes.
I agree with the idea. It's fine for root to be able to read it -- if
users want to prevent root from reading it, the RBAC system has been
enforcing it for a while now by default. The patch doesn't do
everything it should though to be equivalent to the old patch with just
the permission change. For instance, /proc/slabinfo can be created by
either SLAB or SLUB, and both need to be changed in mm/slab.c and
mm/slub.c. Also, /proc/slab_allocators, if it exists due to a debug
option, should be restricted in the same way.
I'll fix this up and include it in the next patch.
Thanks!
-Brad
>
>
> As for the OOM bug, we'll post when we have more details. I haven't
> been able to hit the bug myself, so I'm waiting on Robin.
>
>
> - --
> Anthony G. Basile, Ph. D.
> Chair of Information Technology
> D'Youville College
> Buffalo, NY 14201
> (716) 829-8197
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkwA98wACgkQl5yvQNBFVTU8nwCfc5y1HgOCoAgzc62azLM+JLuk
> nVsAoKGky0c9ggGrOisnMosiOHiA7crW
> =7Lru
> -----END PGP SIGNATURE-----
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://grsecurity.net/pipermail/grsecurity/attachments/20100529/1f12b48b/attachment.pgp>
More information about the grsecurity
mailing list