This patch restricts non-root users to view only their own processes.
It's also available at:
http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_fs_proc_base.c.patch
--
Lorenzo Hern?ndez Garc?a-Hierro <[email protected]>
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
On Mon, 18 Apr 2005, Lorenzo Hern?ndez Garc?a-Hierro wrote:
> This patch restricts non-root users to view only their own processes.
This looks like a very bad default to me!
Your patch would force people to run system monitoring
applications as root, because otherwise they cannot get
some of the information they can get now. Forcing that
these applications run with root rights is a security
risk, not a benefit...
--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
El lun, 18-04-2005 a las 15:24 -0400, Rik van Riel escribi?:
> This looks like a very bad default to me!
>
> Your patch would force people to run system monitoring
> applications as root, because otherwise they cannot get
> some of the information they can get now. Forcing that
> these applications run with root rights is a security
> risk, not a benefit...
Right, that's why I would say "fall back to the config. option"
behavior, trusting in a certain user group defined in configuration-time
or via sysctl, or just keeping it simple as it's right now, split up so
anyone can decide what to apply and what shouldn't be applied.
Cheers,
--
Lorenzo Hern?ndez Garc?a-Hierro <[email protected]>
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
Lorenzo Hern?ndez Garc?a-Hierro schrieb:
> This patch restricts non-root users to view only their own processes.
You may also want to have a look at the patches I submitted over the
last few weeks that restricted some file permissions in /proc/<pid>/ and
the comments I received.
Regards,
Rene