Secure /proc permissions

Victor STANESCU (bruno@Heineken.lmn.pub.ro)
Fri, 7 May 1999 20:42:24 +0300 (EEST)


I made a patch for the 2.2.7 kernel which sets the permissions for
/proc/<pid> and the files inside so that users can read information only
about their own processes. If someone tries "ps aux", he will see a list
composed only of the processes he owns, and no others.

This option does not affect the root capability of seeing all processes
launched on the system.

The patch allows you to enable or disable the option from the configure
scripts.

I find it very useful, and maybe it would be good to include it in the
Linux source.

If you ask yourself why this option, well, this is the way SunOS behaves.

The /proc filesystem contains sensitive information, and I don't think it is
normal for it to be readable by any user who wants to.

Victor STANESCU-network administrator
The Numerical Methods Laboratory,
Politehnica University of Bucharest

[Attachment: 2.2.7-secure_proc_patch (Secure /proc patch)]

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
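
A check for the exposure this message describes, as an added example that is not part of the original post or of the attached patch: it sorts the /proc/<pid> directories into the caller's own, those of other users that are closed to "other", and those of other users that are still world-readable or world-searchable. The function name `audit_proc` and the use of the directory mode bits as the criterion are assumptions; the modes the patch actually sets are not shown on this page.

```python
#!/usr/bin/env python3
"""Classify /proc/<pid> directories by owner and by access bits for "other"."""
import os
import re
import stat
import sys

PID_NAME = re.compile(r"[0-9]+")


def audit_proc(proc_root="/proc", my_uid=None):
    """Return (own, hidden, exposed) sorted PID lists found under proc_root.

    own     - directories owned by my_uid
    hidden  - owned by another uid, no read/search bit set for "other"
    exposed - owned by another uid, readable or searchable by "other"
    """
    if my_uid is None:
        my_uid = os.getuid()
    own, hidden, exposed = [], [], []
    with os.scandir(proc_root) as entries:
        for entry in entries:
            if not PID_NAME.fullmatch(entry.name):
                continue  # skip /proc/self, /proc/meminfo and similar
            try:
                st = os.stat(entry.path, follow_symlinks=False)
            except OSError:
                continue  # process exited between scandir() and stat()
            if not stat.S_ISDIR(st.st_mode):
                continue
            pid = int(entry.name)
            if st.st_uid == my_uid:
                own.append(pid)
            elif st.st_mode & (stat.S_IROTH | stat.S_IXOTH):
                exposed.append(pid)
            else:
                hidden.append(pid)
    return sorted(own), sorted(hidden), sorted(exposed)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/proc"
    own, hidden, exposed = audit_proc(root)
    print(f"own processes:            {len(own)}")
    print(f"other users, restricted:  {len(hidden)}")
    print(f"other users, world-open:  {len(exposed)}")
    # Non-zero exit when another user's process directory is world-open.
    sys.exit(1 if exposed else 0)
```

Run it as an unprivileged user; a kernel that does not list other users' PIDs at all will simply report zero in both "other users" rows.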