* hidepid=2 and dumpability
@ 2015-12-15 8:16 Evgenii Shatokhin
0 siblings, 0 replies; only message in thread
From: Evgenii Shatokhin @ 2015-12-15 8:16 UTC (permalink / raw)
To: Vasiliy Kulikov; +Cc: LKML
(Sorry, forgot to CC LKML yesterday, resending.)
Hi,
Could you shed some light on the implementation of 'hidepid' option for
procfs in the Linux kernel?
As far as I can see, has_pid_permissions() eventually calls
ptrace_may_access(task, PTRACE_MODE_READ). This way, if hidepid=2 is
used, the ordinary users will see only those of their own processes,
which are dumpable.
For example, the processes that changed credentials or were marked as
non-dumpable with prctl() will remain invisible to their owners. Isn't
that an overkill?
Or perhaps, there is a security risk if a user could read the contents
of /proc/<pid> for these processes?
I stumbled upon this while experimenting with hidepid=2 in a Virtuozzo
container. If I login to the container as an ordinary user via SSH, one
of the sshd processes (owned by the user) in the container is not
visible to that user. I checked in runtime that it is the dumpability
check in the kernel that fails in __ptrace_may_access().
The kernel is based on the version 3.10.x, but it should not matter much
in this case.
Any ideas?
Thanks in advance.
Regards,
Evgenii
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-12-15 8:16 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-12-15 8:16 hidepid=2 and dumpability Evgenii Shatokhin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox