
Re: Debian-Harden



On Tue, 15 May 2001 16:39:37 -0700
phil@bolthole.com wrote:

> On Tue, May 15, 2001 at 10:52:44AM -0400, Michael Stone wrote:
> > On Tue, May 15, 2001 at 08:43:33AM +0200, bounce-debian-devel=mstone=cs.loyola.edu@lists.debian.org wrote:
> > > There are some commands on a system which are similarly usable for root and
> > > user. Think of ps: everyone on a linux-system is able to run "ps aux", so
> > > all processes of the host are shown.
> > > I think it is fully enough to let a user only make "ps -a", for example,
> > > to see their own processes.
> > 
> > That level of information hiding is out of scope for a general unix
> > system.
> 
> Some other unixen restrict users **in the kernel** to only view info on
> their own processes, unless root id.
> Which means ps is a setuid root executable, to allow viewing all processes.
> If it isn't setuid, users can't view that info any more.
> 
> I would think changing the owner/perms on the pid area of /proc should be a
> relatively straightforward kernel hack.

It should be configurable, though. Perhaps like this:

hypothetical-system:~# ls -ld /proc/1
dr-xr-xr-x    3 root     root            0 May 15 16:44 /proc/1
hypothetical-system:~# echo 0500 >/proc/sys/kernel/process_mode
hypothetical-system:~# ls -ld /proc/1
dr-x------    3 root     root            0 May 15 16:44 /proc/1
hypothetical-system:~# su nobody
hypothetical-system:/root$ cat /proc/1/status
cat: /proc/1/status: Permission denied
hypothetical-system:/root$ cat /proc/$$/status
Name:	bash
State:	R (running)
  [snip]
hypothetical-system:/root$ exit
hypothetical-system:~# echo 0555 >/proc/sys/kernel/process_mode
hypothetical-system:~# su nobody
hypothetical-system:/root$ cat /proc/1/status
Name:	init
State:	S (sleeping)
  [snip]

In other words, a sysctl is used to set the mode for processes
in /proc. It should be noted that this is already partially done:

[bash/2.05.0] vulture@cornerstone:~ $ ls -ld /proc/24072/fd
dr-x------    2 root     root            0 May 15 16:49 /proc/24072/fd

This means that permission checking is already done on procfs
entries, and that all that (in theory) needs to be done is to
give root the ability to change those permissions at will.

Regards,

Alex.

Attachment: pgpt5DS3F9lAc.pgp
Description: PGP signature
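The mail above sketches a hypothetical process_mode sysctl; the mechanism Linux actually grew for this is the procfs hidepid= mount option (Linux 3.3 and later, with named values such as hidepid=invisible accepted from 5.8). The following script is an added example, not part of the original mail or of any Debian package: it reads the procfs line from a mounts table (by default /proc/mounts), reports the hidepid setting, explains what each value means for unprivileged users, and tests whether the current user can read another process's /proc/<pid>/status. The sample mounts lines used for checking are constructed, not taken from a real host.

```shell
#!/bin/sh
# Added example: audit the procfs hidepid= setting, the modern Linux
# equivalent of the per-process /proc permission control sketched in
# the mail (the process_mode sysctl there is hypothetical).

# Print the hidepid= value of the procfs mounted on /proc as listed in
# the given mounts table (default /proc/mounts). Prints "0", the kernel
# default, when the option is absent: every user may read every /proc/<pid>.
proc_hidepid() {
    mounts_file="${1:-/proc/mounts}"
    awk '$2 == "/proc" && $3 == "proc" {
            n = split($4, opts, ",")
            val = "0"
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/) {
                    sub(/^hidepid=/, "", opts[i])
                    val = opts[i]
                }
            print val
            exit
        }' "$mounts_file"
}

# Translate a hidepid value (numeric or, since Linux 5.8, named) into what
# it means for a user who does not own the process.
hidepid_describe() {
    case "$1" in
        0|off)        echo "off: any user may read every /proc/<pid> (like the mail's 0555 mode)" ;;
        1|noaccess)   echo "noaccess: other users' /proc/<pid> exist but are unreadable (like 0500)" ;;
        2|invisible)  echo "invisible: other users' /proc/<pid> are hidden entirely" ;;
        4|ptraceable) echo "ptraceable: only processes the caller could ptrace are visible" ;;
        *)            echo "unknown hidepid value: $1" ;;
    esac
}

# Return 0 if the current user can read /proc/<pid>/status, 1 otherwise.
# This is the "cat /proc/1/status" probe from the mail, made scriptable.
proc_pid_readable() {
    cat "/proc/$1/status" >/dev/null 2>&1
}

# Stand-alone run on a live Linux host; skipped where /proc/mounts is absent.
if [ -r /proc/mounts ]; then
    hp=$(proc_hidepid)
    echo "hidepid on /proc: $(hidepid_describe "$hp")"
    if proc_pid_readable 1; then
        echo "uid $(id -u) can read /proc/1/status"
    else
        echo "uid $(id -u) cannot read /proc/1/status"
    fi
fi
```

hidepid=1 matches what the quoted poster asked for (a user sees only their own processes in ps, because ps reads /proc/<pid> and gets EACCES on everyone else's), while hidepid=2 also removes the pids from directory listings; the gid= option names a group, typically used for monitoring daemons, that keeps full visibility.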


Reply to: