Re: [PATCH][RFC] Make /proc/<pid> chmod'able

[Albert Cahalan]

> OK, folks, another try to enhance privacy by hiding
> process details from other users.  Why not simply use
> chmod to set the permissions of /proc/<pid> directories?
> This patch implements it.
>
> Children processes inherit their parents' proc
> permissions on fork.  You can only set (and remove)
> read and execute permissions, the bits for write,
> suid etc. are not changable.  A user would add
>
>         chmod 500 /proc/$$
>
> or something similar to his .profile to cloak his processes.
>
> What do you think about that one?

This is a bad idea. Users should not be allowed to
make this decision. This is rightly a decision for
the admin to make.

Note: I'm the procps (ps, top, w, etc.) maintainer.

Probably I'd have to make /bin/ps run setuid root
to deal with this. (minor changes needed) The same
goes for /usr/bin/top, which I know is currently
unsafe and difficult to fix.

Let's not go there, OK?

If you restricted this new ability to root, then I'd
have much less of an objection. (not that I'd like it)



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/