El lun, 18-04-2005 a las 15:05 -0400, Dave Jones escribió: > This is utterly absurd. You can find out anything thats in /proc/cpuinfo > by calling cpuid instructions yourself. Right, it doesn't make it worthy enough to represent any risk. > Please enlighten me as to what security gains we achieve > by not allowing users to see this ? It's more obscurity than anything else. At least that's what privacy means usually. It doesn't assure at all the unavailability of your information to others, it just tries to hide it from the public eye. > Restricting lots of the other files are equally absurd. > > I'd also be very surprised if various random bits of userspace > broke subtley due to this nonsense. I agree, as an example, grsecurity allows the configuration of a group with rights over the restricted entries, that's why I split up the patch for these entries. Thanks for the comments. Cheers. -- Lorenzo Hernández García-Hierro <[email protected]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
Attachment:
signature.asc
Description: This is a digitally signed message part
- Follow-Ups:
- Re: [PATCH 3/7] procfs privacy: misc. entries
- From: [email protected] (David Wagner)
- Re: [PATCH 3/7] procfs privacy: misc. entries
- References:
- [PATCH 3/7] procfs privacy: misc. entries
- From: Lorenzo Hernández García-Hierro <[email protected]>
- Re: [PATCH 3/7] procfs privacy: misc. entries
- From: Dave Jones <[email protected]>
- [PATCH 3/7] procfs privacy: misc. entries
- Prev by Date: Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
- Next by Date: Re: [PATCH 0/7] procfs privacy
- Previous by thread: Re: [PATCH 3/7] procfs privacy: misc. entries
- Next by thread: Re: [PATCH 3/7] procfs privacy: misc. entries
- Index(es):
 |