(Sorry, forgot to CC LKML yesterday, resending.) Hi,
Could you shed some light on the implementation of 'hidepid' option for procfs in the Linux kernel?
As far as I can see, has_pid_permissions() eventually calls ptrace_may_access(task, PTRACE_MODE_READ). This way, if hidepid=2 is used, the ordinary users will see only those of their own processes, which are dumpable.
For example, the processes that changed credentials or were marked as non-dumpable with prctl() will remain invisible to their owners. Isn't that an overkill?
Or perhaps, there is a security risk if a user could read the contents of /proc/<pid> for these processes?
I stumbled upon this while experimenting with hidepid=2 in a Virtuozzo container. If I login to the container as an ordinary user via SSH, one of the sshd processes (owned by the user) in the container is not visible to that user. I checked in runtime that it is the dumpability check in the kernel that fails in __ptrace_may_access().
The kernel is based on the version 3.10.x, but it should not matter much in this case.
Any ideas? Thanks in advance. Regards, Evgenii -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
