[Ksummit-discuss] security-related TODO items?
luto at amacapital.net
Tue Jan 24 02:38:04 UTC 2017
On Fri, Jan 20, 2017 at 2:38 PM, Kees Cook <keescook at chromium.org> wrote:
> I've already got various Kernel Self-Protection Project TODO items
> collected (of varying size and complexity), but recently Google's
> Patch Reward Program is trying to expand by helping create a bounty
> program for security-related TODOs. KSPP is just one corner of
> interest in the kernel, and I'd love to know if any other maintainers
> have TODO items that they'd like to see get done (and Google would
> potentially provide bounty money for).
> Let me know your security wish-lists, and I'll collect them all into a
> single place. And if there is a better place than ksummit-discuss to
> reach maintainers, I'm all ears. LKML tends to mostly just serve as a
> public archive. :)
Here's another one: split up and modernize /proc.
I'm imagining a whole series of changes:
- Make a sysctlfs. You could mount it and get all the sysctls if you
have global privilege. If you only have privilege relative to some
namespace, you could pass a mount option like -o scope=net to get just
sysctls that belong to the mounting process' netns. If done
carefully, this should be safe for unprivileged mounting without the
- Teach procfs to understand mount options for real (per-superblock).
Shouldn't be that hard.
- Make it possible to control hidepid per mount. systemd and such
could use this to tighten up daemons.
- Make it possible to make /proc/PID/cmdline only show argv via
per-mount option or perhaps sysctl.
- Make it possible to mount a mini-proc that doesn't have all the
non-PID stuff. Presumably it would still have an empty directory
called sys and maybe some other minimal contents for compatibility
More information about the Ksummit-discuss