Date: Thu, 19 Sep 2013 15:42:02 +0400
From: Vasiliy Kulikov
To: Christian Kujau
Cc: "Eric W. Biederman", LKML
Subject: Re: proc hidepid=2 and SGID programs
Message-ID: <20130919114202.GA12144@cachalot>
References: <87r4cybio2.fsf@xmission.com> <20130914111426.GB4663@cachalot>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Sep 15, 2013 at 01:58 -0700, Christian Kujau wrote:
> Vasiliy Kulikov wrote:
> >> But still, I wonder if this is
> >> intended behaviour.
> >
> >Yes.
> >
> >If you think such side channel attacks are something you don't care,
> >just turn hidepid off. That's why it is an option.
> >
> >If you want to turn it off for some users, use gid=XXX.
>
> Maybe my initial question got lost in the noise: I merely wondered why
> "pgrep sgid-program" returned nothing but "kill pics off stiff program"
> was possible. Sure, if that's intended behavior, so be it. I just don't
> understand the (technical) reasoning behind this.

If process A may ptrace process B, A may kill B. In this case A may see
any information about B.

If process A may not ptrace process B, A probably still may kill B. But
A may not see any information about B.

In sense of information gathering hidepid doesn't differ setgid'ed
processes and common processes of another user. As *some* privileges
differ between a subject and an object, they are considered as being in
different security domains. Information leakage crossing the interdomain
border between these domains might help an attacker, so it is denied.

--
Vasily Kulikov
http://www.openwall.com - bringing security into open computing environments
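The thread refers to the `hidepid=` and `gid=` mount options of procfs without showing how an administrator would verify which of them a running system actually has. The script below is an added example written for this page, not code from the thread or from the kernel tree: it parses the option string of a proc mount, classifies the hidepid level, and reports the group (if any) that is exempted via `gid=`. It assumes `/proc/self/mountinfo` is readable for the live check and that the mount point of interest is `/proc`; the word spellings `noaccess`, `invisible` and `ptraceable` are the aliases newer kernels accept next to the numeric values.

```shell
#!/bin/sh
# Added example (not from the LKML thread): audit the hidepid=/gid= settings
# of a proc mount. The parsing functions work on any comma-separated option
# string; the live check reads /proc/self/mountinfo (assumed readable).

# Print the value of hidepid= found in a comma-separated option list, "0" if absent.
parse_hidepid() {
    _val=0
    _saved_ifs=$IFS
    IFS=,
    for _opt in $1; do
        case $_opt in
            hidepid=*) _val=${_opt#hidepid=} ;;
        esac
    done
    IFS=$_saved_ifs
    printf '%s\n' "$_val"
}

# Print the value of gid= (the group exempted from hiding), empty if absent.
parse_gid() {
    _val=
    _saved_ifs=$IFS
    IFS=,
    for _opt in $1; do
        case $_opt in
            gid=*) _val=${_opt#gid=} ;;
        esac
    done
    IFS=$_saved_ifs
    printf '%s\n' "$_val"
}

# Classify the hidepid level of an option string:
#   ok      - other users' /proc/<pid> directories are not listed at all (2, 4)
#   partial - directories are listed but their contents are unreadable (1)
#   off     - nothing is hidden (0 or option absent)
audit_proc_opts() {
    case $(parse_hidepid "$1") in
        2|invisible|4|ptraceable) echo ok ;;
        1|noaccess)               echo partial ;;
        *)                        echo off ;;
    esac
}

# Evaluate one /proc/self/mountinfo line. Field 5 is the mount point; both the
# per-mount options (field 6) and the superblock options after the "-" separator
# are scanned by joining every field with commas. Returns 1 for non-/proc lines.
audit_mountinfo_line() {
    set -- $1
    [ "${5:-}" = "/proc" ] || return 1
    _joined=$(printf '%s' "$*" | tr ' ' ',')
    printf 'hidepid=%s gid=%s verdict=%s\n' \
        "$(parse_hidepid "$_joined")" "$(parse_gid "$_joined")" "$(audit_proc_opts "$_joined")"
}

# Live check of the system this script runs on.
audit_mounted_proc() {
    if [ ! -r /proc/self/mountinfo ]; then
        echo "cannot read /proc/self/mountinfo"
        return 0
    fi
    while read -r _line; do
        audit_mountinfo_line "$_line" && return 0
    done < /proc/self/mountinfo
    echo "no proc mount found at /proc"
}

audit_mounted_proc
```

Run it as a normal user to see whether `/proc` is mounted with hidepid enabled and which group is exempt; a `verdict=off` result means every user can read every other user's `/proc/<pid>` entries, which is the default the thread's hidepid=2 configuration is meant to replace. The level can be changed with `mount -o remount,hidepid=2,gid=<monitoring-group-gid> /proc`, where the gid is a placeholder for the group (for example a monitoring or admin group) that should keep full visibility.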