This patch restricts non-root users to view only their own processes. It's also available at: http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_fs_proc_base.c.patch

--
Lorenzo Hernández García-Hierro <[email protected]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
diff -puN fs/proc/base.c~proc-privacy-1 fs/proc/base.c --- linux-2.6.11/fs/proc/base.c~proc-privacy-1 2005-04-17 17:56:45.623607816 +0200 +++ linux-2.6.11-lorenzo/fs/proc/base.c 2005-04-17 18:01:14.988658104 +0200 @@ -1692,6 +1692,11 @@ struct dentry *proc_pid_lookup(struct in if (!task) goto out; + if (current->uid && (task->uid != current->uid)) { + put_task_struct(task); + goto out; + } + inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO); @@ -1699,7 +1704,7 @@ struct dentry *proc_pid_lookup(struct in put_task_struct(task); goto out; } - inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO; + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR; inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_nlink = 3; @@ -1783,6 +1788,7 @@ out: static int get_tgid_list(int index, unsigned long version, unsigned int *tgids) { struct task_struct *p; + struct task_struct *tmp = current; int nr_tgids = 0; index--; @@ -1803,6 +1809,8 @@ static int get_tgid_list(int index, unsi int tgid = p->pid; if (!pid_alive(p)) continue; + if (tmp->uid && (p->uid != tmp->uid)) + continue; if (--index >= 0) continue; tgids[nr_tgids] = tgid;
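Review bot: the visibility test in the first hunk, `if (current->uid && (task->uid != current->uid))`, keys the root exemption on the real uid being zero rather than on a capability, and compares only real uids on both sides. A process whose real uid is a user's but whose effective uid is root (a setuid-root tool) is treated as an unprivileged user and can no longer look up other users' pid directories, while a process with real uid 0 is exempt regardless of any capability bounding. Suggest testing a capability (capable(CAP_SYS_PTRACE) or similar) for the exemption and documenting which of uid/euid is the intended basis for "own process". The patch also touches only fs/proc/base.c: there is no Kconfig option or sysctl to turn the restriction off and no update to the procfs documentation, so administrators get the new behaviour unconditionally and without a reference for what changed.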
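Review bot: the mode change in the second hunk, `- inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;` to `+ inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;`, overlaps with the lookup check added just above it: once proc_pid_lookup refuses to return a dentry for another user's task, the directory mode only matters for the owner, who already has S_IRUSR|S_IXUSR. If the intent is defence in depth for dentries that are already cached when a different user opens them, say so in the changelog; otherwise the two mechanisms should be reconciled so the policy lives in one place and the i_mode change does not silently drop group access for tools relying on it.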
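Review bot: in the third hunk, `+ struct task_struct *tmp = current;` gives the current task a misleading name; `tmp` suggests a scratch pointer, and the variable is only used for the uid comparison in the following hunk. Either use `current` directly at the point of comparison, as the first hunk already does, or name it for what it is.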
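Review bot: the fourth hunk repeats the same policy as the first, `+ if (tmp->uid && (p->uid != tmp->uid))` versus `if (current->uid && (task->uid != current->uid))`, in two different places with two different spellings. Factor it into one small helper (for example a static inline taking the task_struct to test) and call it from both proc_pid_lookup and get_tgid_list, so that a later change to the rule (uid vs. euid, capability exemption) cannot leave the readdir and lookup paths disagreeing about which processes are visible.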