Removing global readability from 'proc' could have some adverse effects as well, as many legitimate tools access information stored in the 'proc' file system. You might have to modify the default permissions granted to various other services that operate on information in the proc file system to make sure they're run as the appropriate user.

Cheers,
Nathaniel

On Thu, Feb 21, 2013 at 12:13 AM, jduck <[email protected]> wrote:
> From my recollection, the permissions on proc files are defined in the
> kernel.
>
> For files that exist the entire time the system is booted, you could chmod
> them during boot via init.rc or similar. The earlier the better, obviously.
>
> However, for files that get automatically created (like proc/<pid>/stat),
> you'll have to change the kernel. See fs/proc/base.c, specifically
> "tid_base_stuff" and "tgid_base_stuff" arrays. I remember using a patch
> back in the day that would allow you to specify a group and/or permissions
> for such things at mount time. Sadly, it means recompiling the kernel
> either way.
>
> Joshua
>
>
> On Tuesday, February 5, 2013 10:20:51 PM UTC-6, xz wrote:
>>
>> Many procfs are global readable, like the /proc/[uid]/stat files, I want
>> to make them 600, not sure which part of android defines the owner and mod
>> of procfs.
>>
>> Any ideas?
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to
> [email protected].
> Visit this group at
> http://groups.google.com/group/android-security-discuss?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
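
An audit sketch for the distinction drawn in this thread, added here as an example and not code from any of the posters: it separates world-readable top-level proc entries (the ones a boot-time chmod could reach) from world-readable per-PID files (the ones whose modes come from the kernel), so you can see what would be affected before changing anything. The function name and the `proc_root` parameter are hypothetical; the parameter exists so the check can also be run against a copied or constructed tree.

```python
import os
import stat
from collections import Counter


def world_readable_proc_entries(proc_root="/proc"):
    """Return (static, per_pid) for entries with the other-read bit set.

    static  : sorted names of top-level, non-PID entries
    per_pid : Counter mapping file name -> number of PID dirs exposing it
    """
    static, per_pid = [], Counter()
    for name in os.listdir(proc_root):
        path = os.path.join(proc_root, name)
        try:
            st = os.lstat(path)
        except OSError:
            continue  # entry disappeared between listdir and lstat
        if name.isdigit() and stat.S_ISDIR(st.st_mode):
            # Per-process directory: created by the kernel on demand.
            try:
                children = os.listdir(path)
            except OSError:
                continue  # process exited, or directory not listable by us
            for child in children:
                try:
                    cst = os.lstat(os.path.join(path, child))
                except OSError:
                    continue
                if stat.S_ISREG(cst.st_mode) and cst.st_mode & stat.S_IROTH:
                    per_pid[child] += 1
        elif not stat.S_ISLNK(st.st_mode) and st.st_mode & stat.S_IROTH:
            # Present for the whole boot; symlinks such as "self" are skipped.
            static.append(name)
    return sorted(static), per_pid


if __name__ == "__main__":
    static, per_pid = world_readable_proc_entries()
    print("Top-level entries readable by everyone:")
    for name in static:
        print("  ", name)
    print("Per-PID files readable by everyone (file: number of PIDs):")
    for name, count in per_pid.most_common():
        print("   %s: %d" % (name, count))
```

Running it as an unprivileged user shows which per-PID files that user can see for processes it does not own, which is also a quick way to find out which services would need a different user or group after tightening permissions.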
