Alan Coopersmith wrote:
> Richard L. Hamilton wrote:
>> AFAIK, a command needs root (or process owner, or perhaps some
>> fine-grained permission?) to obtain environment variables of other
>> processes, so that could be clamped down on. But /proc makes
>> /proc/*/psinfo publicly readable, so anybody can see anyone's command
>> line arguments.
>> What if /proc provided two different views of the contents of a psinfo
>> file, depending on whether the reader was {the same euid as the process
>> owner, root, or had some fine-grained permission}? The unprivileged
>> reader would see it as if pr_psargs had the same contents as pr_fname,
>> while the privileged reader would see it as now, with the greater detail.
Remove the basic 'proc_info' privilege from all users that you don't
want to be able to see others' processes.
For just one user:
# usermod -K defaultpriv=!proc_info,basic
For all users on the system, set DEFAULT_PRIV in
/etc/security/policy.conf with the same syntax as above.
Also, in many deployments where this comes up as an issue, what people
are really asking for is compartmentalisation, and thus Trusted
Extensions should be considered.
--
Darren J Moffat
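As an added illustration of the system-wide setting described in the reply above (this is example code, not something from the thread or from Solaris itself), the script below rewrites the `PRIV_DEFAULT` line of a policy.conf-style file so that every user's default privilege set is `basic` minus `proc_info`, and provides a check that confirms the denial is in place. The policy.conf(4) keyword is `PRIV_DEFAULT` (the reply's `DEFAULT_PRIV` refers to the same setting); the sample file contents are constructed, and the file path is a parameter so it runs offline on any POSIX sh with awk. The removal token is written after `basic` because privilege-set strings are evaluated token by token from left to right, so `basic,!proc_info` yields the basic set without `proc_info`. The change only affects processes of sessions started after the edit; it does not alter the privilege sets of processes that are already running.

```shell
#!/bin/sh
# Added example, not from the thread: manage the PRIV_DEFAULT setting in a
# policy.conf-style file. On Solaris the real file is /etc/security/policy.conf;
# here the path is passed in so the example can run against a scratch file.

# Write a constructed sample policy.conf fragment (not from any real system)
# whose default privilege set still includes proc_info.
write_sample_policy() {   # write_sample_policy FILE
  printf '%s\n' \
    '# constructed sample policy.conf' \
    'AUTHS_GRANTED=solaris.device.cdrw' \
    'PROFS_GRANTED=Basic Solaris User' \
    'PRIV_DEFAULT=basic' \
    'PRIV_LIMIT=all' > "$1"
}

# Print the effective value of KEY (last uncommented KEY=VALUE line wins).
policy_get() {   # policy_get FILE KEY
  awk -F= -v key="$2" \
    '$0 !~ /^[ \t]*#/ && $1 == key { v = substr($0, length(key) + 2) }
     END { print v }' "$1"
}

# Ensure PRIV_DEFAULT denies proc_info. An existing line keeps its other
# tokens and gets ",!proc_info" appended (once); a missing line is added as
# "basic,!proc_info". The "!" token must follow "basic", since set strings
# are applied left to right.
policy_drop_proc_info() {   # policy_drop_proc_info FILE
  file=$1
  tmp="$file.tmp.$$"
  awk 'BEGIN { done = 0 }
       /^[ \t]*PRIV_DEFAULT=/ {
         v = substr($0, index($0, "=") + 1)
         if (v == "") v = "basic"
         if ("," v "," !~ /,!proc_info,/) v = v ",!proc_info"
         print "PRIV_DEFAULT=" v
         done = 1
         next
       }
       { print }
       END { if (!done) print "PRIV_DEFAULT=basic,!proc_info" }' "$file" > "$tmp" \
    && mv "$tmp" "$file"
}

# Exit status 0 when PRIV_DEFAULT carries the !proc_info token, 1 otherwise.
policy_denies_proc_info() {   # policy_denies_proc_info FILE
  case ",$(policy_get "$1" PRIV_DEFAULT)," in
    *,!proc_info,*) return 0 ;;
    *) return 1 ;;
  esac
}
```

Typical use is `policy_drop_proc_info /etc/security/policy.conf` followed by `policy_denies_proc_info /etc/security/policy.conf` as a post-change check; running the drop a second time is a no-op, which makes it safe in configuration management. For a single account the per-user `usermod -K defaultpriv=...` form from the reply is the right tool instead.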