On Sun 22 Apr 2018 at 12:42:04 +0300, Reco wrote:

> On Sun, Apr 22, 2018 at 09:07:04AM +0000, Curt wrote:
> > On 2018-04-22, David Wright <[email protected]> wrote:
> > >>
> > >> I am not after winning any races but (seeing as you brought the issue
> > >> up) knowing whether ps sees my secret and how to go about finding that
> > >> out.
> > >
> > > ps might not be the best tool for deliberately finding the info above.
> > > The obvious place to look is /proc/<PID>/cmdline (where NULs separate
> > > the items). One can imagine a scenario where one tries to keep up with
> > > the PID incrementation and hoover up all the cmdlines on the system as
> > > they fly by.
> > >
> >
> > There is a mount option to the proc filesystem ('hidepid') that appears
> > to be designed to harden against the envisioned scenario (if I'm
> > understanding correctly--may not be the case, though).
> >
> > https://debian-administration.org/article/702/Hiding_processes_from_other_users
> >
> > Perhaps this is now obsolete information or something.
>
> No, it's slightly outdated (they don't put /proc entry in fstab in
> stretch by default), but still useful.
>
> > Maybe not because in my Stretch man page for proc right at the top
> > I see the hidepid mount option.
>
> It's in the kernel documentation:
>
> /usr/share/doc/linux-doc-4.9/Documentation/filesystems/proc.txt.gz
>
> and it works:
>
> $ id
> uid=1000(user) gid=1000(user) groups=1000(user)...
>
> $ mount | grep proc
> proc on /proc type proc (rw,relatime,hidepid=2)
> systemd-1 on /proc/sys/fs/binfmt_misc type autofs
> (rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=8539)
> binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
>
> $ ls -d /proc/[0-9]* | wc -l
> 3
>
> > Here (from 2014)
> >
> > https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html
> >
> > it is said "* We're planning to request for hidepid to be enabled by
> > default (to 1). This will squash an entire class of information leaks. If
> > you have any comments or objections, please get in touch with us.
> >
> > but I can't seem to discover whether that was realized or not--from what
> > you people are saying, I guess not (hidepid=1 doesn't appear as a proc
> > mount option on my upgraded since Methuselah Stretch machine).
>
> That's because it's not a default setting. My guess is a certain Modern
> Desktop Environment™ breaks somehow if hidepid > 0 is in use.
Curt's mail was very interesting and well worth posting. Yours is equally
informative. Being able to use hidepid looks like a solution to the
"... won't the password be revealed by ps while eval is evaluating it?"
problem. However, depending on the system software used, I think it needs
a bit of thinking about. At least, that is what I take away from

https://bugs.freedesktop.org/show_bug.cgi?id=65575

and

https://bugzilla.redhat.com/show_bug.cgi?id=1130796

-- 
Brian.
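The leak the thread is circling, and the hidepid check Reco ran by hand, can be scripted. The following is an added example and not code from anyone in the thread: it reads the hidepid= value from /proc/mounts, scans every /proc/<PID>/cmdline it can see for a given string, and then shows that a secret passed as a command-line argument is visible through /proc while the same secret delivered on stdin is not. It assumes Linux with procfs on /proc, a POSIX sh and coreutils; the secret values and the names proc_hidepid, cmdline_grep, demo_argv_leak and demo_stdin_no_leak are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: scan /proc for a string that a
# process carries in its argv (the /proc/<PID>/cmdline leak discussed
# above), report the hidepid= option /proc is mounted with, and show the
# stdin-based alternative that keeps a secret out of argv.
# Assumes Linux with procfs on /proc, POSIX sh and coreutils. All secret
# values below are constructed sample strings.

# Print the hidepid= value of the /proc mount, or 0 when it is unset.
# A /proc/mounts line looks like: proc /proc proc rw,relatime,hidepid=2 0 0
proc_hidepid() {
    v=$(awk '$2 == "/proc" && $3 == "proc" {
                 n = split($4, o, ",")
                 for (i = 1; i <= n; i++)
                     if (o[i] ~ /^hidepid=/) print substr(o[i], 9)
                 exit
             }' /proc/mounts 2>/dev/null)
    printf '%s\n' "${v:-0}"
}

# Print "<pid> <argv...>" for every process visible to us whose argv
# contains $1. argv items in cmdline are NUL-separated, so tr rewrites
# the NULs as spaces. Under hidepid=0 this sees every user's processes;
# under hidepid=1 or 2 an unprivileged user only sees their own.
cmdline_grep() {
    pat=$1
    for d in /proc/[0-9]*; do
        line=$(tr '\0' ' ' < "$d/cmdline" 2>/dev/null) || continue
        case $line in
            *"$pat"*) printf '%s %s\n' "${d#/proc/}" "$line" ;;
        esac
    done
}

# Count how many processes expose the secret when it is passed as an
# argument. The trailing ':' keeps the child shell from exec()ing sleep
# directly, so the shell (with the secret in its argv) stays observable.
demo_argv_leak() {
    secret="not-a-real-secret-$$"            # constructed sample secret
    sh -c 'sleep 5; :' leaky "$secret" >/dev/null 2>&1 </dev/null &
    pid=$!
    sleep 1                                   # let the child finish exec()
    hits=$(cmdline_grep "$secret" | wc -l | tr -d ' ')
    kill "$pid" 2>/dev/null || true
    printf '%s\n' "$hits"                     # 1: readable by any local user
}

# Same check with the secret delivered on stdin instead of argv: the
# command line no longer contains it, so cmdline_grep finds nothing.
demo_stdin_no_leak() {
    secret="not-a-real-secret-$$"            # constructed sample secret
    echo "$secret" | sh -c 'read -r s; sleep 5; :' safe >/dev/null 2>&1 &
    pid=$!
    sleep 1
    hits=$(cmdline_grep "$secret" | wc -l | tr -d ' ')
    kill "$pid" 2>/dev/null || true
    printf '%s\n' "$hits"                     # 0
}

printf 'hidepid=%s\n' "$(proc_hidepid)"
printf 'processes exposing the argv secret:  %s\n' "$(demo_argv_leak)"
printf 'processes exposing the stdin secret: %s\n' "$(demo_stdin_no_leak)"
```

Two caveats worth keeping in mind when reading the output. First, hidepid changes who can read other users' /proc/<PID> entries (hidepid=1 blocks access to their contents, hidepid=2 also hides the directories, and the gid= mount option exempts one group); it does not hide anything from root or from other processes of the same uid, so the argv demo still reports a hit when run as the user who launched the process. Passing the secret on stdin (or via a file or descriptor) removes it from the world-readable cmdline regardless of the mount option. Second, hidepid is the setting that the bug reports Brian links run into: software that expects to enumerate other users' processes stops working under it, which is the "bit of thinking" he refers to.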

