| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Dec 2015 11:16:38 +0300 From: Evgenii Shatokhin <eshatokhin@...n.com> To: Vasiliy Kulikov <segooon@...il.com> CC: LKML <linux-kernel@...r.kernel.org> Subject: hidepid=2 and dumpability (Sorry, forgot to CC LKML yesterday, resending.) Hi, Could you shed some light on the implementation of 'hidepid' option for procfs in the Linux kernel? As far as I can see, has_pid_permissions() eventually calls ptrace_may_access(task, PTRACE_MODE_READ). This way, if hidepid=2 is used, the ordinary users will see only those of their own processes, which are dumpable. For example, the processes that changed credentials or were marked as non-dumpable with prctl() will remain invisible to their owners. Isn't that an overkill? Or perhaps, there is a security risk if a user could read the contents of /proc/<pid> for these processes? I stumbled upon this while experimenting with hidepid=2 in a Virtuozzo container. If I login to the container as an ordinary user via SSH, one of the sshd processes (owned by the user) in the container is not visible to that user. I checked in runtime that it is the dumpability check in the kernel that fails in __ptrace_may_access(). The kernel is based on the version 3.10.x, but it should not matter much in this case. Any ideas? Thanks in advance. Regards, Evgenii -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists