public inbox for linux-kernel@vger.kernel.org
* [PATCH 2/7] procfs privacy: tasks/processes lookup
@ 2005-04-18 18:46 Lorenzo Hernández García-Hierro
  2005-04-18 19:24 ` Rik van Riel
  2005-04-20 19:41 ` Rene Scharfe
  0 siblings, 2 replies; 4+ messages in thread
From: Lorenzo Hernández García-Hierro @ 2005-04-18 18:46 UTC (permalink / raw)
  To: linux-kernel@vger.kernel.org



This patch restricts non-root users to view only their own processes.

It's also available at:
http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_fs_proc_base.c.patch

-- 
Lorenzo Hernández García-Hierro <lorenzo@gnu.org> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]

[-- Attachment #1.2: proc-privacy-1_fs_proc_base.c.patch --]
[-- Type: text/x-patch, Size: 1265 bytes --]

diff -puN fs/proc/base.c~proc-privacy-1 fs/proc/base.c
--- linux-2.6.11/fs/proc/base.c~proc-privacy-1	2005-04-17 17:56:45.623607816 +0200
+++ linux-2.6.11-lorenzo/fs/proc/base.c	2005-04-17 18:01:14.988658104 +0200
@@ -1692,6 +1692,11 @@ struct dentry *proc_pid_lookup(struct in
 	if (!task)
 		goto out;
 
+	if (current->uid && (task->uid != current->uid)) {
+		put_task_struct(task);
+		goto out;
+	}
+
 	inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
 
 
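Review bot: the new test in proc_pid_lookup() decides on the real uid, `current->uid`, so the exemption is hard-wired to uid 0 and ignores the caller's fsuid and capabilities, which is what other filesystem permission checks go by. Consider a capable() test for the exemption, and put the whole check behind a config option or sysctl so the current behaviour stays available to unprivileged monitoring tools.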
@@ -1699,7 +1704,7 @@ struct dentry *proc_pid_lookup(struct in
 		put_task_struct(task);
 		goto out;
 	}
-	inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
+	inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
 	inode->i_op = &proc_tgid_base_inode_operations;
 	inode->i_fop = &proc_tgid_base_operations;
 	inode->i_nlink = 3;
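Review bot: the `inode->i_mode` change to `S_IFDIR|S_IRUSR|S_IXUSR` is unconditional, so every tgid directory becomes owner-only for all callers, and it overlaps with the uid test this patch adds earlier in proc_pid_lookup(), which already refuses the lookup for other users' tasks. The changelog should say which of the two is the enforcement point; if both stay, gate them on the same option so they cannot be enabled separately.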
@@ -1783,6 +1788,7 @@ out:
 static int get_tgid_list(int index, unsigned long version, unsigned int *tgids)
 {
 	struct task_struct *p;
+	struct task_struct *tmp = current;
 	int nr_tgids = 0;
 
 	index--;
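Review bot: `tmp` in get_tgid_list() is only an alias for `current`, and the name says nothing about its role. Use `current` directly in the loop test, or give the local a name that says it holds the calling task.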
@@ -1803,6 +1809,8 @@ static int get_tgid_list(int index, unsi
 		int tgid = p->pid;
 		if (!pid_alive(p))
 			continue;
+		if (tmp->uid && (p->uid != tmp->uid))
+			continue;
 		if (--index >= 0)
 			continue;
 		tgids[nr_tgids] = tgid;
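Review bot: the loop test `tmp->uid && (p->uid != tmp->uid)` in get_tgid_list() repeats the condition added to proc_pid_lookup(), so the listing and lookup policies can drift apart when one of them is changed. Move the test into one small static helper that takes the task and call it from both places. The test also sits before `if (--index >= 0)`, so the readdir index counts only tasks visible to the caller; a short comment saying that is intended would help.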


* Re: [PATCH 2/7] procfs privacy: tasks/processes lookup
  2005-04-18 18:46 [PATCH 2/7] procfs privacy: tasks/processes lookup Lorenzo Hernández García-Hierro
@ 2005-04-18 19:24 ` Rik van Riel
  2005-04-18 19:59   ` Lorenzo Hernández García-Hierro
  2005-04-20 19:41 ` Rene Scharfe
  1 sibling, 1 reply; 4+ messages in thread
From: Rik van Riel @ 2005-04-18 19:24 UTC (permalink / raw)
  To: Lorenzo Hernández García-Hierro; +Cc: linux-kernel@vger.kernel.org


On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:

> This patch restricts non-root users to view only their own processes.

This looks like a very bad default to me!

Your patch would force people to run system monitoring
applications as root, because otherwise they cannot get
some of the information they can get now.  Forcing that
these applications run with root rights is a security
risk, not a benefit...

-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan


* Re: [PATCH 2/7] procfs privacy: tasks/processes lookup
  2005-04-18 19:24 ` Rik van Riel
@ 2005-04-18 19:59   ` Lorenzo Hernández García-Hierro
  0 siblings, 0 replies; 4+ messages in thread
From: Lorenzo Hernández García-Hierro @ 2005-04-18 19:59 UTC (permalink / raw)
  To: Rik van Riel; +Cc: linux-kernel@vger.kernel.org


On Mon, 18-04-2005 at 15:24 -0400, Rik van Riel wrote:
> This looks like a very bad default to me!
> 
> Your patch would force people to run system monitoring
> applications as root, because otherwise they cannot get
> some of the information they can get now.  Forcing that
> these applications run with root rights is a security
> risk, not a benefit...

Right, that's why I would say "fall back to the config. option"
behavior, trusting in a certain user group defined at configuration time
or via sysctl, or just keeping it simple as it's right now, split up so
anyone can decide what to apply and what shouldn't be applied.

Cheers,
-- 
Lorenzo Hernández García-Hierro <lorenzo@gnu.org> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]


* Re: [PATCH 2/7] procfs privacy: tasks/processes lookup
  2005-04-18 18:46 [PATCH 2/7] procfs privacy: tasks/processes lookup Lorenzo Hernández García-Hierro
  2005-04-18 19:24 ` Rik van Riel
@ 2005-04-20 19:41 ` Rene Scharfe
  1 sibling, 0 replies; 4+ messages in thread
From: Rene Scharfe @ 2005-04-20 19:41 UTC (permalink / raw)
  To: Lorenzo Hernández García-Hierro; +Cc: linux-kernel@vger.kernel.org

Lorenzo Hernández García-Hierro wrote:
> This patch restricts non-root users to view only their own processes.

You may also want to have a look at the patches I submitted over the
last few weeks that restricted some file permissions in /proc/<pid>/ and
the comments I received.

Regards,
Rene
