Linus Torvalds writes: (Summary)
I agree that '1' is a much saner default for _some_ uses, in that it still gives root access to /proc file data etc.
However, the sad fact is that kptr_restrict just has bad semantics for that case too, in that you do want to give root access to /proc files, but the whole "is the current thread root" is a horrible horrible test.
Partly it's horrible for the reasons mentioned in the source code (ie the whole IRQ context thing etc), but that's actually the smallest reason it's not great: the more fundamental issue is that even for /proc files, it should use the cred for the file opener, not the current user.
And for anything *but* /proc files, it's almost always the wrong thing (ie random printk's aren't generally really associated with any user).
[...]
but that can be a separate patch, IMO.
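The distinction Linus draws between "is the current thread root" and "the cred of whoever opened the file" can be made observable from userspace. The following C program is an added example, not code from the message above or from the kernel tree: it opens /proc/kallsyms once, counts how many symbol addresses come back as all zeros (what %pK prints when kptr_restrict hides a pointer), and, when run as root, drops to an unprivileged uid and re-reads the same open file. With kptr_restrict=1, a kernel that checks current's credentials at read time will zero the addresses on the second read even though root opened the file, which is the bad semantics described above; a kernel that checks the opener's f_cred gives the same answer both times. The uid/gid 65534 for "nobody" and the helper names are assumptions of this example.

```c
/* kptr_demo.c: added example illustrating the kptr_restrict credential check.
 * Build: gcc -Wall -o kptr_demo kptr_demo.c ; run as root to see both reads.
 */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

struct kallsyms_stats {
	unsigned long total;   /* lines that look like "<hexaddr> <type> <name>" */
	unsigned long hidden;  /* of those, lines whose address is all zeros */
};

/* Returns 1 if the address field is all zeros (hidden by kptr_restrict),
 * 0 if it is a real address, -1 if the line is not a kallsyms line. */
int kallsyms_addr_hidden(const char *line)
{
	size_t n = strspn(line, "0123456789abcdefABCDEF");

	if (n == 0 || line[n] != ' ')
		return -1;
	return strspn(line, "0") == n;
}

/* Count hidden addresses across every line of an already-open stream. */
struct kallsyms_stats count_hidden(FILE *fp)
{
	struct kallsyms_stats st = { 0, 0 };
	char line[512];

	while (fgets(line, sizeof line, fp)) {
		int h = kallsyms_addr_hidden(line);

		if (h < 0)
			continue;
		st.total++;
		if (h)
			st.hidden++;
	}
	return st;
}

/* Convenience wrapper for in-memory text (used for offline checks). */
struct kallsyms_stats count_hidden_str(const char *text)
{
	struct kallsyms_stats st = { 0, 0 };
	FILE *fp = fmemopen((void *)text, strlen(text), "r");

	if (!fp)
		return st;
	st = count_hidden(fp);
	fclose(fp);
	return st;
}

/* Current kptr_restrict value, or -1 if it cannot be read. */
int read_kptr_restrict(void)
{
	int v = -1;
	FILE *fp = fopen("/proc/sys/kernel/kptr_restrict", "r");

	if (!fp)
		return -1;
	if (fscanf(fp, "%d", &v) != 1)
		v = -1;
	fclose(fp);
	return v;
}

/* Drop to an unprivileged uid/gid; 65534 ("nobody") is an assumption. */
static int drop_to_nobody(void)
{
	if (setresgid(65534, 65534, 65534) < 0)
		return -1;
	if (setresuid(65534, 65534, 65534) < 0)
		return -1;
	return 0;
}

int main(void)
{
	FILE *fp = fopen("/proc/kallsyms", "r");
	struct kallsyms_stats st;

	if (!fp) {
		perror("/proc/kallsyms");
		return 1;
	}
	printf("kptr_restrict = %d\n", read_kptr_restrict());
	st = count_hidden(fp);
	printf("read as uid %u: %lu of %lu addresses hidden\n",
	       getuid(), st.hidden, st.total);
	if (getuid() == 0) {
		if (drop_to_nobody() < 0) {
			perror("drop privileges");
			return 1;
		}
		rewind(fp);	/* same open file description; only the reader changed */
		st = count_hidden(fp);
		printf("same fd, after dropping to uid %u: %lu of %lu addresses hidden\n",
		       getuid(), st.hidden, st.total);
	}
	fclose(fp);
	return 0;
}
```

Run it once as root with kptr_restrict=1 and compare the two lines: if the second read reports everything hidden, the check was made against the unprivileged reader rather than the root opener. With kptr_restrict=0 nothing is hidden for either read and with 2 everything is hidden regardless of credentials, so only the 1 setting exercises the distinction.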