
Re: encryption



On Sun 22 Apr 2018 at 12:42:04 +0300, Reco wrote:

> On Sun, Apr 22, 2018 at 09:07:04AM +0000, Curt wrote:
> > On 2018-04-22, David Wright <deblis@lionunicorn.co.uk> wrote:
> > >> 
> > >> I am not after winning any races but (seeing as you brought the issue
> > >> up) knowing whether ps sees my secret and how to go about finding that
> > >> out.
> > >
> > > ps might not be the best tool for deliberately finding the info above.
> > > The obvious place to look is /proc/<PID>/cmdline (where NULs separate
> > > the items). One can imagine a scenario where one tries to keep up with
> > > the PID incrementation and hoover up all the cmdlines on the system as
> > > they fly by.
> > >
> > 
> > There is a mount option to the proc filesystem ('hidepid') that appears
> > to be designed to harden against the envisioned scenario (if I'm
> > understanding correctly--may not be the case, though).
> > 
> > https://debian-administration.org/article/702/Hiding_processes_from_other_users
> > 
> > Perhaps this is now obsolete information or something.
> 
> No, it's slightly outdated (they don't put /proc entry in fstab in
> stretch by default), but still useful.
> 
> > Maybe not because in my Stretch man page for proc right at the top
> > I see the hidepid mount option.
> 
> It's in the kernel documentation:
> 
> /usr/share/doc/linux-doc-4.9/Documentation/filesystems/proc.txt.gz
> 
> and it works:
> 
> $ id
> uid=1000(user) gid=1000(user) groups=1000(user)...
> 
> $ mount | grep proc
> proc on /proc type proc (rw,relatime,hidepid=2)
> systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=8539)
> binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
> 
> $ ls -d /proc/[0-9]* | wc -l
> 3
> 
> > Here (from 2014)
> > 
> > https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html
> > 
> > it is said "* We're planning to request for hidepid to be enabled by
> >  default (to 1). This will squash an entire class of information leaks. If 
> >  you have any comments or objections, please get in touch with us.
> > 
> > but I can't seem to discover whether that was realized or not--from what
> > you people are saying, I guess not (hidepid=1 doesn't appear as a proc
> > mount option on my upgraded since Methuselah Stretch machine).
> 
> That's because it's not a default setting. My guess is a certain Modern
> Desktop Environment™ breaks somehow if hidepid > 0 is in use. 

Curt's mail was very interesting and well worth posting. Yours is
equally informative. Being able to use hidepid looks like a solution
to the "... won't the password be revealed by ps while eval is
evaluating it?" problem.

However, depending on the system software used, I think it needs a bit
of thinking about. At least, that is what I take away from

 https://bugs.freedesktop.org/show_bug.cgi?id=65575

and

 https://bugzilla.redhat.com/show_bug.cgi?id=1130796

-- 
Brian.
