Bodo Eggert schrieb:
> On Sun, 10 Apr 2005, Rene Scharfe wrote:
> 
> 
>>First, configuring via kernel parameters is sufficient.
> 
> 
> I don't remember: Would a mount option be equally easy to implement?
> (Kernel parameters are OK for me, too.)

A mount option for procfs would be changable at remount, making
implementation a bit more involved.

>>I have another idea: let's keep the details of _every_ process owned by
>>user root readable by anyone.
> 
> 
> What about SUID processes acting on behalf of users?

SUID root processes will we visible for all, too.  That's fair enough, I
think.  If it's a concern to you use proc.privacy=2.

>>-     processor.max_cstate=   [HW, ACPI]
>>-                     Limit processor to maximum C-state
>>-                     max_cstate=9 overrides any DMI blacklist limit.
>>-
> 
> 
> This seems to belong into another patch

Strictly speaking, yes, but it's just a trivial cleanup near my own
change.  And I guarantee it has zero impact on any built kernel image. :]

> (in pid_revalidate:)
> What about moving the things around? (just editing in the MUA)
> 
> 
>>+             if (IS_PID_DIR(proc_type(inode)) || task_dumpable(task)) {
>>                      inode->i_uid = task->euid;
>>+                     inode->i_gid = proc_gid;
>>+                     if (!proc_privacy || IS_PID_DIR(proc_type(inode)))
>>                              inode->i_gid = task->egid;
>>              } else {
>>                      inode->i_uid = 0;
>>                      inode->i_gid = 0;
>>              }
>>              security_task_to_inode(task, inode);
>>              return 1;
>>      }

I suppose you could do that, but I don't see any gain.  I also find my
version easier to read because it keeps the two conditionals (having
different intents and purposes) apart.

> BTW: You might be able to cache IS_PID_DIR(). It looks like being a gain.

I'd rather let the compiler do that job.  It's only a small macro, I
really doubt you would measure any speedup from putting it into a local
variable.

>>@@ -1454,6 +1468,11 @@ static struct dentry *proc_pident_lookup
> 
> 
>>+             if (proc_privacy == 2 || task->euid != 0)
> 
>                                                    ^^^^^
> redundand.

You're right and it's a matter of taste, I guess.  By the way, this is
also what the FreeBSD crowd calls a "bikeshed". :-)

Thanks for reviewing my patch!
Rene
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to