Subject: Re: proc hidepid=2 and SGID programs
From: Christian Kujau
Date: Sun, 15 Sep 2013 01:58:42 -0700
To: Vasiliy Kulikov
CC: "Eric W. Biederman", LKML

Vasiliy Kulikov wrote:
>> But still, I wonder if this is
>> intended behaviour.
>
>Yes.
>
>If you think such side channel attacks are something you don't care,
>just turn hidepid off. That's why it is an option.
>
>If you want to turn it off for some users, use gid=XXX.

Maybe my initial question got lost in the noise: I merely wondered why
"pgrep sgid-program" returned nothing but "kill pics off stiff program"
was possible.

Sure, if that's intended behavior, so be it. I just don't understand the
(technical) reasoning behind this.

Thanks,
Christian.