Re: Bits from the Security Team

To: debian-devel@lists.debian.org
Cc: Guido Günther <agx@sigxcpu.org>
Subject: Re: Bits from the Security Team
From: Stephan Seitz <stse+debian@fsing.rootsland.net>
Date: Fri, 7 Mar 2014 14:11:00 +0100
Message-id: <[🔎] 20140307T140825.GA.df12d.stse@fsing.rootsland.net>
Mail-followup-to: debian-devel@lists.debian.org, Guido Günther <agx@sigxcpu.org>
In-reply-to: <[🔎] 20140306153234.GA27523@bogon.m.sigxcpu.org>
References: <20140305190301.GA2912@pisco.westfalen.local> <[🔎] 20140305195409.GB23080@bogon.m.sigxcpu.org> <[🔎] 20140305213323.GA9381@jwilk.net> <[🔎] 20140306153234.GA27523@bogon.m.sigxcpu.org>

On Thu, Mar 06, 2014 at 04:32:34PM +0100, Guido Günther wrote:

Luckily this is not the case. :) root can see other users' /proc
entries just fine. Perhaps the documentation should be improved.

I should have checked the code first. If I read that correctly
CAP_SYS_PTRACE is necessary here. I've forwarded a patch upstream.

I did a „setcap cap_sys_ptrace+eip /usr/lib/nagios/plugins/check_procs”,but a normal user can’t still check for running programs of another user.


What did I wrong?

Shade and sweet water!

	Stephan

--
| Stephan Seitz          E-Mail: stse@fsing.rootsland.net |
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to:

Follow-Ups:
- Re: Bits from the Security Team
  - From: Matthias Urlichs <matthias@urlichs.de>

References:
- Re: Bits from the Security Team
  - From: Guido Günther <agx@sigxcpu.org>
- Re: Bits from the Security Team
  - From: Jakub Wilk <jwilk@debian.org>
- Re: Bits from the Security Team
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: Re: Bits from the Security Team
Next by Date: Re: Bits from the Security Team
Previous by thread: Re: Bits from the Security Team
Next by thread: Re: Bits from the Security Team
Index(es):
- Date
- Thread