On Tue, 15 May 2001 16:39:37 -0700 phil@bolthole.com wrote:
> On Tue, May 15, 2001 at 10:52:44AM -0400, Michael Stone wrote:
> > On Tue, May 15, 2001 at 08:43:33AM +0200, bounce-debian-devel=mstone=cs.loyola.edu@lists.debian.org wrote:
> > > There are some commands on System, which are similar useable for root and
> > > user. Think of ps, everyone on a linux-system is able to run "ps aux", so
> > > it is shown all processes of the host.
> > > I think, it is fully enough, to let a user only make "ps -a", for example,
> > > to see the own processes.
> >
> > That level of information hiding is out of scope for a general unix
> > system.
>
> Some other unixen restrict users **in the kernel** to only view info on
> their own processes, unless root id.
> Which means ps is a setuid root executable, to allow viewing all processes.
> If it isn't setuid, users can't view that info any more.
>
> I would think changing the owner/perms on the pid area of /proc should be a
> relatively straightforward kernel hack.

It should be configurable, though. Perhaps like this:

hypothetical-system:~# ls -ld /proc/1
dr-xr-xr-x 3 root root 0 May 15 16:44 /proc/1
hypothetical-system:~# echo 0500 >/proc/sys/kernel/process_mode
hypothetical-system:~# ls -ld /proc/1
dr-x------ 3 root root 0 May 15 16:44 /proc/1
hypothetical-system:~# su nobody
hypothetical-system:/root$ cat /proc/1/status
cat: /proc/1/status: Permission denied
hypothetical-system:/root$ cat /proc/$$/status
Name: bash
State: R (running)
[snip]
hypothetical-system:/root$ exit
hypothetical-system:~# echo 0555 >/proc/sys/kernel/process_mode
hypothetical-system:~# su nobody
hypothetical-system:/root$ cat /proc/1/status
Name: init
State: S (sleeping)
[snip]

In other words, a sysctl is used to set the mode for processes in /proc.

It should be noted that this is already partially done:

[bash/2.05.0] vulture@cornerstone:~ $ ls -ld /proc/24072/fd
dr-x------ 2 root root 0 May 15 16:49 /proc/24072/fd

This means that permission checking is already done on procfs entries, and that all that (in theory) needs to be done is to give root the ability to change those permissions at will.

Regards,
Alex.
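The mode comparison made in the message above, as an added example that is not part of the original post: a Python script that lists each PID directory under /proc with its mode and the mode of its fd/ subdirectory, so the already-restricted fd/ entry can be set against the world-readable PID directory. The names audit_proc, summarize and Entry are made up for this example.

```python
import os
import stat
import sys
from collections import namedtuple

# Hypothetical record type for this example: one row per /proc/<pid>.
Entry = namedtuple(
    "Entry", "pid uid dir_mode fd_mode dir_open_to_others fd_open_to_others")

OTHER_RX = stat.S_IROTH | stat.S_IXOTH  # bits that let unrelated users list/enter


def audit_proc(proc_root="/proc"):
    """Return an Entry for every numeric (PID) directory under proc_root."""
    entries = []
    for name in os.listdir(proc_root):
        if not name.isdigit():          # skip /proc/sys, /proc/self, ...
            continue
        pid_dir = os.path.join(proc_root, name)
        try:
            st = os.lstat(pid_dir)
        except OSError:                 # process exited after listdir()
            continue
        dir_mode = stat.S_IMODE(st.st_mode)
        try:
            fd_mode = stat.S_IMODE(os.lstat(os.path.join(pid_dir, "fd")).st_mode)
        except OSError:                 # fd/ missing or not reachable
            fd_mode = None
        entries.append(Entry(int(name), st.st_uid, dir_mode, fd_mode,
                             bool(dir_mode & OTHER_RX),
                             bool(fd_mode and fd_mode & OTHER_RX)))
    return sorted(entries)


def summarize(entries):
    """(PID dirs open to other users, how many of those keep fd/ private)."""
    open_dirs = [e for e in entries if e.dir_open_to_others]
    private_fd = [e for e in open_dirs
                  if e.fd_mode is not None and not e.fd_open_to_others]
    return len(open_dirs), len(private_fd)


if __name__ == "__main__":
    rows = audit_proc(sys.argv[1] if len(sys.argv) > 1 else "/proc")
    for e in rows:
        fd = "----" if e.fd_mode is None else "%04o" % e.fd_mode
        print("%7d uid=%-6d dir=%04o fd=%s" % (e.pid, e.uid, e.dir_mode, fd))
    n_open, n_private_fd = summarize(rows)
    print("%d of %d PID dirs open to other users; %d of those keep fd/ private"
          % (n_open, len(rows), n_private_fd))
```

On a system behaving like the one in the message, every PID directory shows dir=0555 with fd=0500; after the proposed mode change the dir column would read 0500 as well.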