* hidepid=2 and dumpability
@ 2015-12-15 8:16 Evgenii Shatokhin
From: Evgenii Shatokhin @ 2015-12-15 8:16 UTC (permalink / raw)
To: Vasiliy Kulikov; +Cc: LKML
(Sorry, forgot to CC LKML yesterday, resending.)
Hi,
Could you shed some light on the implementation of the 'hidepid' option for
procfs in the Linux kernel?
As far as I can see, has_pid_permissions() eventually calls
ptrace_may_access(task, PTRACE_MODE_READ). This way, if hidepid=2 is
used, ordinary users will see only those of their own processes
that are dumpable.
For example, the processes that changed credentials or were marked as
non-dumpable with prctl() will remain invisible to their owners. Isn't
that overkill?
Or perhaps, there is a security risk if a user could read the contents
of /proc/<pid> for these processes?
I stumbled upon this while experimenting with hidepid=2 in a Virtuozzo
container. If I log in to the container as an ordinary user via SSH, one
of the sshd processes (owned by the user) in the container is not
visible to that user. I checked at runtime that it is the dumpability
check in the kernel that fails in __ptrace_may_access().
The kernel is based on version 3.10.x, but it should not matter much
in this case.
Any ideas?
Thanks in advance.
Regards,
Evgenii