CONFIG_GRKERNSEC_PROC_GID not working anymore as before
Posted: Thu Apr 07, 2005 6:53 pmCONFIG_GRKERNSEC_PROC_GID is used to setup restrictive permissions only allowing root and users with a specific GID to access entries in /proc.
I just came across the fact that the list of entries protected is different between 2.1.4-2.4.29 and 2.0.1-2.4.28.
Easy check is permissions for /proc/cpuinfo (440 for 2.0.1-2.4.28 and 444 for 2.1.4-2.4.29).
Config to reproduce:
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
CONFIG_GRKERNSEC_PROC_ADD=y
Why did the protected /proc list change? Is there any plan to reestablish the old list?
I just came across the fact that the list of entries protected is different between 2.1.4-2.4.29 and 2.0.1-2.4.28.
Easy check is permissions for /proc/cpuinfo (440 for 2.0.1-2.4.28 and 444 for 2.1.4-2.4.29).
Config to reproduce:
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
CONFIG_GRKERNSEC_PROC_ADD=y
Why did the protected /proc list change? Is there any plan to reestablish the old list?