From: Evgenii Shatokhin <eshatokhin@odin.com>
To: Vasiliy Kulikov <segooon@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>
Subject: hidepid=2 and dumpability
Date: Tue, 15 Dec 2015 11:16:38 +0300
Message-ID: <566FCC66.605@odin.com>
(Sorry, forgot to CC LKML yesterday, resending.)

Hi,

Could you shed some light on the implementation of the 'hidepid' option for
procfs in the Linux kernel?

As far as I can see, has_pid_permissions() eventually calls
ptrace_may_access(task, PTRACE_MODE_READ). This way, if hidepid=2 is
used, ordinary users will see only those of their own processes
which are dumpable.

For example, the processes that changed credentials or were marked as
non-dumpable with prctl() will remain invisible to their owners. Isn't
that overkill?

Or perhaps there is a security risk if a user could read the contents
of /proc/<pid> for these processes?

I stumbled upon this while experimenting with hidepid=2 in a Virtuozzo
container. If I log in to the container as an ordinary user via SSH, one
of the sshd processes (owned by the user) in the container is not
visible to that user. I checked at runtime that it is the dumpability
check in the kernel that fails in __ptrace_may_access().

The kernel is based on version 3.10.x, but it should not matter much
in this case.

Any ideas?

Thanks in advance.

Regards,
Evgenii
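A small userspace probe, added here and not part of the mail or the kernel tree, that reproduces the situation Evgenii describes: it forks a child with the same uid, has the child clear its dumpable flag with prctl(PR_SET_DUMPABLE, 0), and then checks from the parent whether /proc/<child>/status is still reachable. On a default /proc the child remains visible; on a mount with hidepid=2 the lookup fails with ENOENT because has_pid_permissions() falls through to the dumpability check. Assumes Linux and an unprivileged user (no root needed).

```c
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1: /proc/<pid>/status opened; 0: ENOENT (hidepid=2 hides the task);
 * -1: entry exists but EPERM/EACCES (hidepid=1 style); -2: other error. */
int probe_visibility(pid_t pid)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/status", (int)pid);
    int fd = open(path, O_RDONLY);
    if (fd >= 0) { close(fd); return 1; }
    if (errno == ENOENT) return 0;
    return (errno == EACCES || errno == EPERM) ? -1 : -2;
}

/* Fork a same-uid child, let it clear its dumpable flag (the state a task is
 * in after changing credentials), probe it, reap it. -2 if setup failed. */
int nondumpable_child_visibility(void)
{
    int pipefd[2];
    if (pipe(pipefd) < 0) return -2;
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {                          /* child */
        close(pipefd[0]);
        prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);  /* become non-dumpable */
        if (write(pipefd[1], "x", 1) != 1) _exit(1); /* signal readiness */
        pause();                             /* wait for SIGKILL */
        _exit(0);
    }
    close(pipefd[1]);                        /* parent */
    char c;
    int r = (read(pipefd[0], &c, 1) == 1) ? probe_visibility(pid) : -2;
    close(pipefd[0]);
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return r;
}

int main(void)
{
    printf("self=%d child=%d (1 visible, 0 hidden, -1 denied)\n",
           probe_visibility(getpid()), nondumpable_child_visibility());
}
```

Run it once on a normal /proc and once after `mount -o remount,hidepid=2 /proc` (as root, in a throwaway VM or container) to see the child flip from 1 to 0.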