Re: [PATCH 2/7] procfs privacy: tasks/processes lookup
Lorenzo Hernández García-Hierro schrieb: > This patch restricts non-root users to view only their own processes. You may also want to have a look at the patches I submitted over the last few weeks that restricted some file permissions in /proc// and the comments I received. Regards, Rene - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 2/7] procfs privacy: tasks/processes lookup
El lun, 18-04-2005 a las 15:24 -0400, Rik van Riel escribió: > This looks like a very bad default to me! > > Your patch would force people to run system monitoring > applications as root, because otherwise they cannot get > some of the information they can get now. Forcing that > these applications run with root rights is a security > risk, not a benefit... Right, that's why I would say "fall back to the config. option" behavior, trusting in a certain user group defined in configuration-time or via sysctl, or just keeping it simple as it's right now, split up so anyone can decide what to apply and what shouldn't be applied. Cheers, -- Lorenzo Hernández García-Hierro <[EMAIL PROTECTED]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org] signature.asc Description: This is a digitally signed message part
Re: [PATCH 2/7] procfs privacy: tasks/processes lookup
On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote: > This patch restricts non-root users to view only their own processes. This looks like a very bad default to me! Your patch would force people to run system monitoring applications as root, because otherwise they cannot get some of the information they can get now. Forcing that these applications run with root rights is a security risk, not a benefit... -- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan
[PATCH 2/7] procfs privacy: tasks/processes lookup
This patch restricts non-root users to view only their own processes. It's also available at: http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_fs_proc_base.c.patch -- Lorenzo Hernández García-Hierro <[EMAIL PROTECTED]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org] diff -puN fs/proc/base.c~proc-privacy-1 fs/proc/base.c --- linux-2.6.11/fs/proc/base.c~proc-privacy-1 2005-04-17 17:56:45.623607816 +0200 +++ linux-2.6.11-lorenzo/fs/proc/base.c 2005-04-17 18:01:14.988658104 +0200 @@ -1692,6 +1692,11 @@ struct dentry *proc_pid_lookup(struct in if (!task) goto out; + if (current->uid && (task->uid != current->uid)) { + put_task_struct(task); + goto out; + } + inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO); @@ -1699,7 +1704,7 @@ struct dentry *proc_pid_lookup(struct in put_task_struct(task); goto out; } - inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO; + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR; inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_nlink = 3; @@ -1783,6 +1788,7 @@ out: static int get_tgid_list(int index, unsigned long version, unsigned int *tgids) { struct task_struct *p; + struct task_struct *tmp = current; int nr_tgids = 0; index--; @@ -1803,6 +1809,8 @@ static int get_tgid_list(int index, unsi int tgid = p->pid; if (!pid_alive(p)) continue; + if (tmp->uid && (p->uid != tmp->uid)) + continue; if (--index >= 0) continue; tgids[nr_tgids] = tgid; signature.asc Description: This is a digitally signed message part