On Apr 23, 2015 11:56 AM, "Greg Kroah-Hartman" <gre...@linuxfoundation.org> wrote: > > On Thu, Apr 23, 2015 at 11:04:36AM -0700, Linus Torvalds wrote: > > On Thu, Apr 23, 2015 at 10:57 AM, Linus Torvalds > > <torva...@linux-foundation.org> wrote: > > > > > > If somebody is printing something, it shouldn't matter if it's "lpr" > > > or "firefox http://horses.and.trannyporn.my.little.pony.com/"; that > > > does the printing. > > > > And btw, it's not just "this is information that shouldn't be logged". > > > > It's literally "information that should not *ever* be used". I can > > easily see some phone manufacturer deciding to do "value add" by > > adding a special case where a special vendor system manager program > > gets a back door to some service, because it needs to access the > > camera for user identification at login time, so there's some magic > > > > if (!strcmp(client->pid_comm, "vendor-login-pr")) > > return ACCESS_OK; > > > > because "it was the simplest way to do this", and the programmer knew > > it was a hack, but he needed to get it working because he had a > > deadline yesterday. > > > > And then somebody figures this out, and makes an app that takes > > pictures on your phone surreptitiously. > > > > No, we can't protect against vendors doing stupid things, but we very > > much also shouldn't make the kernel have interfaces that basically > > encourage people to do stupid things because they make irrelevant and > > wrongheaded data available. > > Doing access control based on comm and cmdline is horrid, I totally > agree. But right now, any process in the system can read any other > process's comm and cmdline value out of /proc today. So removing it > from the metadata is fine for kdbus, I can live with that, but it really > isn't "preventing" anything that's not already visible to everyone, so > if someone wanting to be "bad" could always still log it or do anything > else they wanted with it.
I feel like a broken record. This isn't true in general. Selinux can and, I believe, often does prevent this. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
