[PATCH 2/7] procfs privacy: tasks/processes lookup


 



This patch restricts non-root users to viewing only their own processes.

It's also available at:
http://pearls.tuxedo-es.org/patches/security/proc-privacy-1_fs_proc_base.c.patch

-- 
Lorenzo Hernández García-Hierro <[email protected]> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
diff -puN fs/proc/base.c~proc-privacy-1 fs/proc/base.c
--- linux-2.6.11/fs/proc/base.c~proc-privacy-1	2005-04-17 17:56:45.623607816 +0200
+++ linux-2.6.11-lorenzo/fs/proc/base.c	2005-04-17 18:01:14.988658104 +0200
@@ -1692,6 +1692,11 @@ struct dentry *proc_pid_lookup(struct in
 	if (!task)
 		goto out;
 
+	if (current->uid && (task->uid != current->uid)) {
+		put_task_struct(task);
+		goto out;
+	}
+
 	inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
 
 
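Review bot: The visibility gate added at lines 24-27 hard-codes the exemption as "real uid is zero" (`current->uid` being 0) and compares real uids only, so a caller holding CAP_SYS_PTRACE or CAP_SYS_ADMIN with a non-zero uid is refused, while a setuid task whose euid differs from the caller's is still exposed whenever the real uids match; if the intent is "may inspect this task", a capability test such as `!capable(CAP_SYS_PTRACE)` in the exemption would be the more conventional gate, and this should be stated in a comment either way. The identical predicate is repeated in the get_tgid_list hunk below (`tmp->uid && (p->uid != tmp->uid)`), so the policy is now defined twice and can drift; a single helper keeps lookup and readdir in agreement. proc_pid_lookup continues outside this hunk.
```c
/* True when the caller may see @task in /proc: uid 0 sees every task,
 * any other caller only tasks with its own real uid. */
static inline int proc_task_visible(struct task_struct *task)
{
	return !current->uid || task->uid == current->uid;
}

/* … unchanged: proc_pid_lookup up to the task lookup … */
	if (!proc_task_visible(task)) {
		put_task_struct(task);
		goto out;
	}
```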
@@ -1699,7 +1704,7 @@ struct dentry *proc_pid_lookup(struct in
 		put_task_struct(task);
 		goto out;
 	}
-	inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
+	inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
 	inode->i_op = &proc_tgid_base_inode_operations;
 	inode->i_fop = &proc_tgid_base_operations;
 	inode->i_nlink = 3;
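Review bot: Dropping the directory mode to `S_IFDIR|S_IRUSR|S_IXUSR` at line 37 makes traversal of /proc/<pid> depend on the i_uid that proc_pid_make_inode assigns, which this hunk does not show; if that function leaves i_uid at 0 for tasks it does not consider dumpable (setuid programs, for instance), the unprivileged owner of such a task would lose access to its own /proc/self entries, a regression the uid filter in the lookup hunk does not cause on its own. Since the lookup and readdir filters already hide other users' entries, keeping `inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;` would avoid that, or the owner assignment should be confirmed and the reason for the tighter mode noted in a comment. proc_pid_lookup continues outside this hunk.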
@@ -1783,6 +1788,7 @@ out:
 static int get_tgid_list(int index, unsigned long version, unsigned int *tgids)
 {
 	struct task_struct *p;
+	struct task_struct *tmp = current;
 	int nr_tgids = 0;
 
 	index--;
@@ -1803,6 +1809,8 @@ static int get_tgid_list(int index, unsi
 		int tgid = p->pid;
 		if (!pid_alive(p))
 			continue;
+		if (tmp->uid && (p->uid != tmp->uid))
+			continue;
 		if (--index >= 0)
 			continue;
 		tgids[nr_tgids] = tgid;
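Review bot: The local `tmp` declared in the previous hunk (`struct task_struct *tmp = current;`) is only used by the filter at line 53, and the name says nothing about what it holds; caching `current` outside the loop is reasonable, but it should be named for what it is, e.g. `struct task_struct *me = current;` and `if (me->uid && (p->uid != me->uid))`. A one-line comment above the check saying that non-root callers only see tasks with their own real uid would also help, since the filter's placement before `--index` is what keeps readdir offsets consistent with the hidden entries. get_tgid_list continues outside this hunk.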


