On Sun, Sep 15, 2013 at 01:58 -0700, Christian Kujau wrote: > Vasiliy Kulikov <seg...@openwall.com> wrote: > >> But still, I wonder if this is > >> intended behaviour. > > > >Yes. > > > >If you think such side channel attacks are something you don't care, > >just turn hidepid off. That's why it is an option. > > > >If you want to turn it off for some users, use gid=XXX. > > Maybe my initial question got lost in the noise: I merely wondered why "pgrep > sgid-program" returned nothing but "kill pics off stiff program" was > possible. Sure, if that's intended behavior, so be it. I just don't > understand the (technical) reasoning behind this.
If process A may ptrace process B, A may kill B. In this case A may see any information about B. If process A may not ptrace process B, A probably still may kill B. But A may not see any information about B. In sense of information gathering hidepid doesn't differ setgid'ed processes and common processes of another user. As *some* privileges differ between a subject and an object, they are considered as being in different security domains. Information leakage crossing the interdomain border between these domains might help an attacker, so it is denied. -- Vasily Kulikov http://www.openwall.com - bringing security into open computing environments -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
