Re: Bits from the Security Team

To: debian-devel@lists.debian.org
Subject: Re: Bits from the Security Team
From: Jakub Wilk <jwilk@debian.org>
Date: Fri, 7 Mar 2014 18:41:02 +0100
Message-id: <[🔎] 20140307174102.GA3777@jwilk.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 5319DAA6.3040200@free.fr>
References: <20140305190301.GA2912@pisco.westfalen.local> <[🔎] 20140305195409.GB23080@bogon.m.sigxcpu.org> <[🔎] 20140305213323.GA9381@jwilk.net> <[🔎] 5319DAA6.3040200@free.fr>

* Vincent Danjean <vdanjean.ml@free.fr>, 2014-03-07, 15:41:

hidepid=1 means users may not access any /proc/<pid>/ directories buttheir own.
Even that is strange. I just tried. Processus that are not mine are notshown anymore by ps, but even some of mine disappeared! (mostly urxvtones)


$ ls -l /usr/bin/urxvt
-rwxr-sr-x 1 root utmp 1272864 Dec 22 18:50 /usr/bin/urxvt

It's setgid, so it can't be ptraced, so it doesn't show up in /proc.

The inability to see your own setgid processes makes this featureunappealing. :(


--
Jakub Wilk

Reply to:

Follow-Ups:
- Re: Bits from the Security Team
  - From: Julien Cristau <jcristau@debian.org>

References:
- Re: Bits from the Security Team
  - From: Guido Günther <agx@sigxcpu.org>
- Re: Bits from the Security Team
  - From: Jakub Wilk <jwilk@debian.org>
- Re: Bits from the Security Team
  - From: Vincent Danjean <vdanjean.ml@free.fr>

Prev by Date: Re: debian/copyright: how extensive ...
Next by Date: Re: Bits from the Security Team
Previous by thread: Re: Bits from the Security Team
Next by thread: Re: Bits from the Security Team
Index(es):
- Date
- Thread