Hi.

On Sun, Apr 22, 2018 at 09:07:04AM +0000, Curt wrote:
> On 2018-04-22, David Wright <deb...@lionunicorn.co.uk> wrote:
> >>
> >> I am not after winning any races but (seeing as you brought the issue
> >> up) knowing whether ps sees my secret and how to go about finding that
> >> out.
> >
> > ps might not be the best tool for deliberately finding the info above.
> > The obvious place to look is /proc/<PID>/cmdline (where NULs separate
> > the items). One can imagine a scenario where one tries to keep up with
> > the PID incrementation and hoover up all the cmdlines on the system as
> > they fly by.
> >
>
> There is a mount option to the proc filesystem ('hidepid') that appears
> to be designed to harden against the envisioned scenario (if I'm
> understanding correctly--may not be the case, though).
>
> https://debian-administration.org/article/702/Hiding_processes_from_other_users
>
> Perhaps this is now obsolete information or something.
No, it's slightly outdated (they don't put a /proc entry in fstab in stretch by default), but still useful.

> Maybe not because in my Stretch man page for proc right at the top
> I see the hidepid mount option.

It's in the kernel documentation:

/usr/share/doc/linux-doc-4.9/Documentation/filesystems/proc.txt.gz

and it works:

$ id
uid=1000(user) gid=1000(user) groups=1000(user)...
$ mount | grep proc
proc on /proc type proc (rw,relatime,hidepid=2)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=8539)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
$ ls -d /proc/[0-9]* | wc -l
3

> Here (from 2014)
>
> https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html
>
> it is said "* We're planning to request for hidepid to be enabled by
> default (to 1). This will squash an entire class of information leaks. If
> you have any comments or objections, please get in touch with us.
>
> but I can't seem to discover whether that was realized or not--from what
> you people are saying, I guess not (hidepid=1 doesn't appear as a proc
> mount option on my upgraded since Methuselah Stretch machine).

That's because it's not a default setting.

My guess is a certain Modern Desktop Environment™ breaks somehow if hidepid > 0 is in use.

Reco
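As an added example (not code from the thread or from Debian), here is a small POSIX shell audit that parses the hidepid setting out of /proc/mounts, explains what each value means for /proc/<PID>/cmdline visibility, and shows the NUL-separated cmdline of a process the way ps would render it. The SAMPLE_MOUNTS text is constructed so the parser can be exercised offline; the keyword values invisible and ptraceable are assumed to be the kernel 5.8+ spellings of 2 and 4.

```shell
#!/bin/sh
# Constructed sample of /proc/mounts output (not taken from the thread), used so
# the parsing below can be exercised offline; hidepid_status reads the real file.
SAMPLE_MOUNTS='sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,relatime,hidepid=2 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=32,pgrp=1,direct 0 0'

# hidepid_value MOUNTS_TEXT: print the hidepid= value of the /proc mount found
# in MOUNTS_TEXT (same layout as /proc/mounts), or 0 when the option is absent,
# which is the kernel default: every user can read every /proc/<PID>/cmdline.
hidepid_value() {
  printf '%s\n' "$1" | awk '
    $2 == "/proc" && $3 == "proc" {
      n = split($4, opt, ",")
      for (i = 1; i <= n; i++)
        if (opt[i] ~ /^hidepid=/) { sub(/^hidepid=/, "", opt[i]); val = opt[i] }
    }
    END { if (val == "") val = 0; print val }'
}

# describe_hidepid VALUE: one-line meaning of a hidepid setting. The keyword
# forms (invisible, ptraceable) are assumed to be the 5.8+ kernel spellings.
describe_hidepid() {
  case "$1" in
    0)            echo "0: all /proc/<PID> entries, including cmdline, readable by every user" ;;
    1)            echo "1: other users' /proc/<PID> directories exist but cannot be entered" ;;
    2|invisible)  echo "2: other users' processes are entirely absent from /proc" ;;
    4|ptraceable) echo "4: a process is visible only to users who could ptrace it" ;;
    *)            echo "unknown hidepid value: $1" ;;
  esac
}

# hidepid_status: check the running system. Returns 0 if hidepid hides other
# users' processes (2 or above), 1 otherwise, so it can gate a hardening check.
hidepid_status() {
  v=$(hidepid_value "$(cat /proc/mounts)")
  describe_hidepid "$v"
  case "$v" in 2|invisible|4|ptraceable) return 0 ;; *) return 1 ;; esac
}

# show_cmdline PID: print a process's argv as ps would, turning the NUL
# separators of /proc/<PID>/cmdline into spaces. Run it against your own
# process (show_cmdline $$) to see exactly what others see when hidepid is 0.
show_cmdline() {
  tr '\0' ' ' < "/proc/$1/cmdline"; echo
}
```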