Rene Scharfe <[EMAIL PROTECTED]> wrote: > > Add proc.umask kernel parameter. It can be used to restrict permissions > on the numerical directories in the root of a proc filesystem, i.e. the > directories containing process specific information. > > E.g. add proc.umask=077 to your kernel command line and all users except > root can only see their own process details (like command line > parameters) with ps or top. It can be useful to add a bit of privacy to > multi-user servers. > > The patch has been inspired by a similar feature in GrSecurity. > > It could have also been implemented as a mount option to procfs, but at > a higher cost and no apparent benefit -- changes to this umask are not > supposed to happen very often. Actually, the previous incarnation of > this patch was implemented as a half-assed mount option, but I didn't > know then how easy it is to add a kernel parameter.
The feature seems fairly obscure, although very simple. Is anyone actually likely to use this? > > +static umode_t umask = 0; a) I think the above should be called proc_umask. b) You shouldn't initialise it. c) When adding a kernel parameter you should update Documentation/kernel-parameters.txt - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
