Re: Patch: Hide process info from other users/users not in my group

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Pavel Machek

Subject: Re: Patch: Hide process info from other users/users not in my group

Date: Wednesday, November 21, 2007 - 11:03 am

Hi!

quoted text> this patch sets (if the corresponding kconfig option is active) the access
> modes of /proc/<pid>-dirs to 550 instead of 555 in order to provide some
> privacy to users. Tools like lsof and ps to spy out on other users become
> ineffective.
> 
> Cheers,
> --
> Daniel Reichelt
> 
> # diff -Naur linux-2.6.23.8/fs/Kconfig linux-2.6.23.8-dhr/fs/Kconfig
> --- linux-2.6.23.8/fs/Kconfig   2007-11-16 19:14:27.000000000 +0100
> +++ linux-2.6.23.8-dhr/fs/Kconfig       2007-11-20 11:33:18.000000000 +0100
> @@ -918,6 +918,17 @@
>          help
>          Exports the dump image of crashed kernel in ELF format.
> 
> +config PROC_SECURED_PID_DIRS
> +       bool "chmod /proc/<pid>-dirs to 550"
> +       depends on PROC_FS
> +       default n
> +       help
> +         chmod /proc/<pid>-dirs to 550 instead of 555 which provides a bit
> +         moreprivacy to users on your system as only the user's and the user's
> +         group's process details may be viewed. Other users' tasks running on
> +         the system will be completely hidden from the means of utilities like
> +         ps or lsof.
> +

This really needs to be runtime-configurable.

-- 
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Patch: Hide process info from other users/users not in my ..., Daniel Reichelt, (Tue Nov 20, 3:34 am)

Re: Patch: Hide process info from other users/users not in ..., Johannes Weiner, (Tue Nov 20, 10:53 am)

Re: Patch: Hide process info from other users/users not in ..., Daniel Reichelt, (Tue Nov 20, 12:42 pm)

Re: Patch: Hide process info from other users/users not in ..., Pavel Machek, (Wed Nov 21, 11:03 am)

Re: Patch: Hide process info from other users/users not in ..., Daniel Reichelt, (Sun Nov 25, 10:44 am)

Navigation

Popular discussions


linux-kernel:
Greg Kroah-Hartman	[PATCH 17/36] sysdev: detect multiple driver registrations
Greg Kroah-Hartman	[PATCH 22/36] PM: Make wakeup flags available whenever CONFIG_PM is set
Greg Kroah-Hartman	[PATCH 20/36] Driver core: Call device_pm_add() after bus_add_device() in device_a...
Rafael J. Wysocki	[Bug #16136] Linux 2.6.34 causes system lockup on Compaq Presario 2200 Laptop
Pekka Enberg	Re: BUG in free_block (tainted)
git:
Johannes Schindelin	Re: [PATCH 2/2] git-svn: support fetch with autocrlf on
Mark Burton	Re: [PATCH] builtin-branch: highlight current remote branches with an asterisk
Junio C Hamano	Re: [PATCH 6/6] Teach core object handling functions about gitlinks
Johannes Schindelin	Re: Trying to use git-filter-branch to compress history by removing large, obsolet...
Junio C Hamano	Re: git-svnimport
linux-netdev:
Daniel Schaffrath	Re: tcp bw in 2.6
Frans Pop	[PATCH] ipv4: make default for INET_LRO consistent with help text
Gerrit Renker	[PATCH 37/37] dccp: Debugging functions for feature negotiation
Patrick McHardy	Re: [PATCH RESEND 1/3] netfilter: xtables: inclusion of xt_condition
Daniel Lezcano	getsockopt(TCP_DEFER_ACCEPT) value change
openbsd-misc:
Conor	Re: RFID Reader
Josh Grosse	ssh/sshd challenge-response seems to have stopped working in -current
Pieter Verberne	File collision while using pkg_add
Stuart Henderson	Re: SquidGuard problem
Western Union	Online account has been suspended
git-commits-head:
Linux Kernel Mailing List	ath9k_htc: Allocate URBs properly
Linux Kernel Mailing List	ath9k: Added get_survey callback in order to get channel noise
Linux Kernel Mailing List	ALSA: snd-usb-caiaq: Do not expose hardware input mode 0 of A4DJ
Linux Kernel Mailing List	V4L/DVB (9041): Add support YUAN High-Tech STK7700D (1164:1f08)
Linux Kernel Mailing List	cpumask: make irq_set_affinity() take a const struct cpumask

Colocation donated by:

Syndicate