I'm working on a small patch to allow changeable permissions on /proc
entries. In fact, I got a working patch together against 1.2.13 some time
ago, and a few people suggested this is a useful feature to have, and
that I should convert the patch to 1.3.x series development kernels. This
is what I've virtually finished at the moment, hampered by a large change
in the procfs code between 1.2.x and 1.3.x.
I hear there was some discussion about something like this recently, and
I would be grateful if anyone could summarise what was said.
Now, for those of you saying "why bother?".... primarily, the patch is
useful for non-root users hiding processes (or rather more usefully,
command lines) from each other. Using chmod on files or directories
within /proc, you can make command lines or entire processes disappear
from the output of "top" that another user is running :-)
Also, it has recently been discussed that the hard-coded permissions on
some of the files within /proc are rather liberal (ip firewalling rules
were mentioned I believe). Now wouldn't it be nice just to be able to do
a 'chmod og-r /proc/net/ip_firewall_or_wherever_it_is' ?
Another extension to procfs I quickly coded was the ability to kill
processes with 'rm -rf /proc/<pid>'.
Basically this mail is to ask:
1) If people like the functionality this patch would provide
2) If anyone out there wants to test it (I'm running it stably now)
3) If someone with a knowledge of procfs would look over the
code/implementation, as I know it's easy for procfs code to be insecure.
Cheers,
-- Chris