Re: [RFC][PATCH] Simple privacy enhancement for /proc/pid

2005-04-12 Thread Albert Cahalan
On Sun, 2005-04-10 at 17:38 +0200, Rene Scharfe wrote: Albert, allowing access based on tty sounds nice, but it _is_ expansive. More importantly, perhaps, it would virtualize /proc: every user would see different permissions for certain files in there. That's too comlex for my taste. If you

Re: [RFC][PATCH] Simple privacy enhancement for /proc/pid

2005-04-12 Thread Rene Scharfe
On Tue, Apr 12, 2005 at 01:29:35AM -0400, Albert Cahalan wrote: If you really can't allow access based on tty, then at least allow access if any UID value matches any UID value. Without this, a user can not always see a setuid program they are running. Yes, that's a bug. Below is a new

Re: [RFC][PATCH] Simple privacy enhancement for /proc/pid

2005-04-11 Thread Rene Scharfe
Bodo Eggert schrieb: On Sun, 10 Apr 2005, Rene Scharfe wrote: First, configuring via kernel parameters is sufficient. I don't remember: Would a mount option be equally easy to implement? (Kernel parameters are OK for me, too.) A mount option for procfs would be changable at remount,

[RFC][PATCH] Simple privacy enhancement for /proc/pid

2005-04-10 Thread Rene Scharfe
Hi all, sorry it took me so long before offering another patch for restricting /proc permissions. Real life kept on intervening. Albert, allowing access based on tty sounds nice, but it _is_ expansive. More importantly, perhaps, it would virtualize /proc: every user would see different

Re: [RFC][PATCH] Simple privacy enhancement for /proc/pid

2005-04-10 Thread Bodo Eggert
On Sun, 10 Apr 2005, Rene Scharfe wrote: First, configuring via kernel parameters is sufficient. I don't remember: Would a mount option be equally easy to implement? (Kernel parameters are OK for me, too.) I have another idea: let's keep the details of _every_ process owned by user root