Re: [PATCH 2/7] procfs privacy: tasks/processes lookup

2005-04-20 Thread Rene Scharfe
Lorenzo Hernández García-Hierro schrieb:
 This patch restricts non-root users to view only their own processes.

You may also want to have a look at the patches I submitted over the
last few weeks that restricted some file permissions in /proc/pid/ and
the comments I received.

Regards,
Rene
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


[PATCH 2/7] procfs privacy: tasks/processes lookup

2005-04-18 Thread Lorenzo Hernández García-Hierro
This patch restricts non-root users to view only their own processes.

It's also available at:
http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_fs_proc_base.c.patch

-- 
Lorenzo Hernández García-Hierro [EMAIL PROTECTED] 
[1024D/6F2B2DEC]  [2048g/9AE91A22][http://tuxedo-es.org]
diff -puN fs/proc/base.c~proc-privacy-1 fs/proc/base.c
--- linux-2.6.11/fs/proc/base.c~proc-privacy-1	2005-04-17 17:56:45.623607816 +0200
+++ linux-2.6.11-lorenzo/fs/proc/base.c	2005-04-17 18:01:14.988658104 +0200
@@ -1692,6 +1692,11 @@ struct dentry *proc_pid_lookup(struct in
 	if (!task)
 		goto out;
 
+	if (current-uid  (task-uid != current-uid)) {
+		put_task_struct(task);
+		goto out;
+	}
+
 	inode = proc_pid_make_inode(dir-i_sb, task, PROC_TGID_INO);
 
 
@@ -1699,7 +1704,7 @@ struct dentry *proc_pid_lookup(struct in
 		put_task_struct(task);
 		goto out;
 	}
-	inode-i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
+	inode-i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
 	inode-i_op = proc_tgid_base_inode_operations;
 	inode-i_fop = proc_tgid_base_operations;
 	inode-i_nlink = 3;
@@ -1783,6 +1788,7 @@ out:
 static int get_tgid_list(int index, unsigned long version, unsigned int *tgids)
 {
 	struct task_struct *p;
+	struct task_struct *tmp = current;
 	int nr_tgids = 0;
 
 	index--;
@@ -1803,6 +1809,8 @@ static int get_tgid_list(int index, unsi
 		int tgid = p-pid;
 		if (!pid_alive(p))
 			continue;
+		if (tmp-uid  (p-uid != tmp-uid))
+			continue;
 		if (--index = 0)
 			continue;
 		tgids[nr_tgids] = tgid;


signature.asc
Description: This is a digitally signed message part


Re: [PATCH 2/7] procfs privacy: tasks/processes lookup

2005-04-18 Thread Rik van Riel
On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:

 This patch restricts non-root users to view only their own processes.

This looks like a very bad default to me!

Your patch would force people to run system monitoring
applications as root, because otherwise they cannot get
some of the information they can get now.  Forcing that
these applications run with root rights is a security
risk, not a benefit...

-- 
Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it. - Brian W. Kernighan

Re: [PATCH 2/7] procfs privacy: tasks/processes lookup

2005-04-18 Thread Lorenzo Hernández García-Hierro
El lun, 18-04-2005 a las 15:24 -0400, Rik van Riel escribió:
 This looks like a very bad default to me!
 
 Your patch would force people to run system monitoring
 applications as root, because otherwise they cannot get
 some of the information they can get now.  Forcing that
 these applications run with root rights is a security
 risk, not a benefit...

Right, that's why I would say fall back to the config. option
behavior, trusting in a certain user group defined in configuration-time
or via sysctl, or just keeping it simple as it's right now, split up so
anyone can decide what to apply and what shouldn't be applied.

Cheers,
-- 
Lorenzo Hernández García-Hierro [EMAIL PROTECTED] 
[1024D/6F2B2DEC]  [2048g/9AE91A22][http://tuxedo-es.org]


signature.asc
Description: This is a digitally signed message part