On Fri, Apr 26, 2024 at 10:32:27AM +0200, Pavel Machek wrote: > Hi! > > > > > > > The /proc/allocinfo file exposes a tremendous about of information > > > > > > about > > > > > > kernel build details, memory allocations (obviously), and > > > > > > potentially > > > > > > even image layout (due to ordering). As this is intended to be > > > > > > consumed > > > > > > by system owners (like /proc/slabinfo), use the same file > > > > > > permissions as > > > > > > there: 0400. > > > > > > > > > > Err... > > > > > > > > > > The side effect of locking down more and more reporting interfaces is > > > > > that programs that consume those interfaces now have to run as root. > > > > > > > > sudo cat /proc/allocinfo | analyse-that-fie > > > > > > Even that is still an annoyance, but I'm thinking more about a future > > > daemon to collect this every n seconds - that really shouldn't need to > > > be root. > > > > Yeah, that would preclude some nice usecases. Could we maybe use > > CAP_SYS_ADMIN checks instead? That way we can still use it from a > > non-root process? > > CAP_SYS_ADMIN is really not suitable, as it can do changes to the > system. On working system, allocinfo is really not dangerous, it just > may make exploits harder. CAP_KERNEL_OBSERVER or something...
There's _really_ no reason to use capabilities at all for something that has file ownership - just use a group.
