Re: Bits from the Security Team
On 05/03/2014 22:33, Jakub Wilk wrote:
> hidepid=1 means users may not access any /proc/<pid>/ directories but their own.
Even that is strange. I just tried. Processes that are not mine
are not shown anymore by ps, but even some of mine disappeared! (mostly
urxvt ones)
See this example (the [] in the grep command are here to avoid finding
the grep command itself):
$ ps axfu | grep 321[6]1
vdanjean 32161 0.0 0.0 104796 2244 ? S févr.24 0:01 /usr/bin/urxvt
$ sudo mount -o remount,hidepid=1 /proc
$ ps axfu | grep 321[6]1
$ sudo mount -o remount,hidepid=0 /proc
$ ps axfu | grep 321[6]1
vdanjean 32161 0.0 0.0 104796 2244 ? S févr.24 0:01 /usr/bin/urxvt
$ logname
vdanjean
$ sudo mount -o remount,hidepid=2 /proc
$ ps axfu | grep 321[6]1
$ sudo ps axfu | grep 321[6]1
vdanjean 32161 0.0 0.0 104796 2244 ? S févr.24 0:01 /usr/bin/urxvt
$ sudo mount -o remount,hidepid=1 /proc
$ sudo ps axfu | grep 321[6]1
vdanjean 32161 0.0 0.0 104796 2244 ? S févr.24 0:01 /usr/bin/urxvt
# ==> root still sees my process
$ ps axfu | grep 321[6]1
$ ls /proc/32161/
ls: impossible d'ouvrir le répertoire /proc/32161/: Opération non permise
$ ls -ld /proc/32161
dr-xr-xr-x 9 vdanjean vdanjean 0 mars 7 15:33 /proc/32161
$
Why can't I see my own urxvt processes?
Regards,
Vincent
--
Vincent Danjean GPG key ID 0x9D025E87 vdanjean@debian.org
GPG key fingerprint: FC95 08A6 854D DB48 4B9A 8A94 0BF7 7867 9D02 5E87
Unofficial pkgs: http://moais.imag.fr/membres/vincent.danjean/deb.html
APT repo: deb http://people.debian.org/~vdanjean/debian unstable main
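
An added example, not part of the original message: a small audit script for the situation shown above, reporting the hidepid value in effect for /proc and listing /proc/<pid> directories that stat as owned by a given uid but cannot be opened (the state of PID 32161 under hidepid=1). The function names hidepid_of and own_but_unreadable and the sample mounts text are constructed for illustration; it assumes GNU stat and that newer kernels may print hidepid as a name instead of a number.

```shell
#!/bin/sh
# Added example (not from the original message): hidepid audit helpers.

# Constructed sample in /proc/mounts layout: device, mountpoint, type, options.
SAMPLE_MOUNTS='sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=1 0 0'

# Read mounts-format text on stdin and print the hidepid value for /proc.
# Absent option means 0 (the kernel default); the last /proc entry wins.
# Named values (assumed to appear on newer kernels) are mapped to numbers.
hidepid_of() {
    awk 'BEGIN { m["off"] = 0; m["noaccess"] = 1
                 m["invisible"] = 2; m["ptraceable"] = 4 }
         $2 == "/proc" && $3 == "proc" {
             val = "0"
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++)
                 if (opt[i] ~ /^hidepid=/) val = substr(opt[i], 9)
             if (val in m) val = m[val]
             found = 1
         }
         END { if (found) print val; else print "unmounted" }'
}

# List numeric entries under a proc root ($1) whose directory is owned by
# uid ($2) yet cannot be listed. With hidepid=2 such entries are absent from
# the directory listing, so this only finds them under hidepid=0 or 1.
own_but_unreadable() {
    root=$1 uid=$2
    for d in "$root"/[0-9]*; do
        [ -d "$d" ] || continue
        [ "$(stat -c %u "$d" 2>/dev/null)" = "$uid" ] || continue
        ls "$d" >/dev/null 2>&1 || echo "${d##*/}"
    done
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_MOUNTS" | hidepid_of
```

On a live system, run `hidepid_of < /proc/mounts` and `own_but_unreadable /proc "$(id -u)"` as the affected user.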