[PATCH 2/7] procfs privacy: tasks/processes lookup

[Lorenzo Hernández García-Hierro]

This patch restricts non-root users to view only their own processes.

It's also available at:
http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_fs_proc_base.c.patch

-- 
Lorenzo Hernández García-Hierro <lorenzo@xxxxxxx> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
diff -puN fs/proc/base.c~proc-privacy-1 fs/proc/base.c
--- linux-2.6.11/fs/proc/base.c~proc-privacy-1	2005-04-17 17:56:45.623607816 +0200
+++ linux-2.6.11-lorenzo/fs/proc/base.c	2005-04-17 18:01:14.988658104 +0200
@@ -1692,6 +1692,11 @@ struct dentry *proc_pid_lookup(struct in
 	if (!task)
 		goto out;
 
+	if (current->uid && (task->uid != current->uid)) {
+		put_task_struct(task);
+		goto out;
+	}
+
 	inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
 
 
@@ -1699,7 +1704,7 @@ struct dentry *proc_pid_lookup(struct in
 		put_task_struct(task);
 		goto out;
 	}
-	inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
+	inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
 	inode->i_op = &proc_tgid_base_inode_operations;
 	inode->i_fop = &proc_tgid_base_operations;
 	inode->i_nlink = 3;
@@ -1783,6 +1788,7 @@ out:
 static int get_tgid_list(int index, unsigned long version, unsigned int *tgids)
 {
 	struct task_struct *p;
+	struct task_struct *tmp = current;
 	int nr_tgids = 0;
 
 	index--;
@@ -1803,6 +1809,8 @@ static int get_tgid_list(int index, unsi
 		int tgid = p->pid;
 		if (!pid_alive(p))
 			continue;
+		if (tmp->uid && (p->uid != tmp->uid))
+			continue;
 		if (--index >= 0)
 			continue;
 		tgids[nr_tgids] = tgid;

Attachment: signature.asc
Description: This is a digitally signed message part