Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to /proc/slabinfo

From: Christoph Lameter <cl@gentwo.org>
Date: 2011-09-19 20:02:41
Also in: lkml

On Mon, 19 Sep 2011, Valdis.Kletnieks@vt.edu wrote:

On Mon, 19 Sep 2011 12:51:10 CDT, Christoph Lameter said:

quoted

IMHO a restriction of access to slab statistics is reasonable in a
hardened environment. Make it dependent on CONFIG_SECURITY or some such
thing?

Probably need to invent a separate Kconfig variable - CONFIG_SECURITY
is probably a way-too-big hammer for this nail. I can see lots of systems
that want to enable that, but won't want to tighten access to slab.

There is already CONFIG_SECURITY_DMESG_RESTRICT. Generalize that setting
to include all sorts of other kernel statistics?

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help