On 11/6/19 8:32 AM, Jan Rybar wrote:
> If hidepid is a new trend among distributions that turns default,
> please correct me if I'm wrong and should incorporate this into
> installation scripts. Also a link to source would help me a lot.

I _do_ edit my own fstab -- defaults are generally generic/naive and lack 
hardening.

I can't really comment re "new trend", or what distros intend to "turn default" 
or recommend; certainly can't suggest "wrong" or "should"!

There _are_ numerous old & current instances of its *mention*; e.g.,

  https://wiki.gentoo.org/wiki/Procfs#Restricting_access_to_PID_directories
  https://debian-administration.org/article/702/Hiding_processes_from_other_users
  https://www.iezzi.ch/process-hiding-hidepid-capabilities-of-procfs/

Here's the requisite systemd "Nope!" discussion,

  https://github.com/systemd/systemd/issues/12955

which references the @kernel "let's try this other approach" thread,

  https://lwn.net/Articles/738597/

&, here's a discussion that reiterates your workaround for brokenness,

  Tip: Dealing with apps that breaks when you implement this technique
    https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/


So, IIUC, nothing clear OR firm :-/

Other than the fact that it (1) wasn't a problem b4, and (2) now it is.
_______________________________________________
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/polkit-devel
