taskstats and /proc/PID/io may be used for gathering private
information. E.g. for openssh and vsftpd daemons wchars/rchars may be
used to learn the precise password length (pass_len = w_chars - CONST).
Restrict it to user.

The simplified proof learning whether ~*/.ssh/authorized_keys file
exists is posted here:

http://www.openwall.com/lists/oss-security/2011/06/21/12

Vasiliy Kulikov (2):
  proc: restrict access to /proc/PID/io
  taskstats: restrict access to user

 fs/proc/base.c     |    7 +++++--
 kernel/taskstats.c |   23 ++++++++++++++++++++++-
 2 files changed, 27 insertions(+), 3 deletions(-)
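
A way to check a host for the exposure this series closes, as an added example that is not part of the patch series or the original message: it flags every /proc/PID/io whose mode grants group or other read access, or that the calling unprivileged user can actually read for a process owned by a different UID. The function name `audit_proc_io` and the `--scan` switch are hypothetical, and GNU `stat` (coreutils) is assumed.

```shell
#!/bin/sh
# Added example (not from the patch): audit exposure of per-process I/O counters.
# Usage: audit_proc_io [PROC_ROOT]   prints one "PID finding" line per exposed file.
audit_proc_io() {
    root=${1:-/proc}
    me=$(id -u)
    for dir in "$root"/[0-9]*; do
        io=$dir/io
        [ -e "$io" ] || continue
        pid=${dir##*/}
        # The process may exit between the glob and the stat; skip it then.
        mode=$(stat -c '%a' "$io" 2>/dev/null) || continue
        owner=$(stat -c '%u' "$io" 2>/dev/null) || continue

        # Last octal digit = other, the one before it = group.
        # A digit of 4..7 means the read bit is set for that class.
        case $mode in
            *[4567]\?|*[4567]?|*[4567])
                echo "$pid mode=$mode group-or-other-readable" ;;
        esac

        # The mode bits alone do not settle it: try an actual read of a file
        # owned by another UID. Skipped for root, who can read everything.
        if [ "$me" -ne 0 ] && [ "$owner" != "$me" ] \
            && cat "$io" >/dev/null 2>&1; then
            echo "$pid owner=$owner readable-by-uid-$me"
        fi
    done
}

# Scan the live system only when asked to, e.g.:  sh audit_proc_io.sh --scan
if [ "${1:-}" = "--scan" ]; then
    audit_proc_io /proc
fi
```

Run it as an ordinary user; with access restricted to the owning user it should print nothing.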