As extracted from grsecurity's config. documentation: "non-root users will only be able to view their own processes, and restricts them from viewing network-related information, and viewing kernel symbol and module information."

This is a procfs "privacy" split-up patch based on grsecurity procfs restrictions with some changes. More concretely, the restricted sections and entries are:

- /proc/bus /pci
- /proc/net
- /proc/config.gz
- /proc/kallsyms
- /proc/ioports
- /proc/iomem
- /proc/devices
- /proc/cmdline
- /proc/version
- /proc/uptime
- /proc/cpuinfo
- /proc/partitions
- /proc/stat
- /proc/interrupts
- /proc/slabinfo
- /proc/diskstats
- /proc/modules
- /proc/schedstat

Signed-off-by: Lorenzo Hernandez Garcia-Hierro <[email protected]>
---

 linux-2.6.11-lorenzo/drivers/pci/proc.c  |  4 ++--
 linux-2.6.11-lorenzo/fs/proc/base.c      | 10 +++++++++-
 linux-2.6.11-lorenzo/fs/proc/proc_misc.c | 25 +++++++++++++------------
 linux-2.6.11-lorenzo/fs/proc/root.c      |  4 ++--
 linux-2.6.11-lorenzo/kernel/configs.c    |  2 +-
 linux-2.6.11-lorenzo/kernel/kallsyms.c   |  2 +-
 linux-2.6.11-lorenzo/kernel/resource.c   |  4 ++--
 7 files changed, 30 insertions(+), 21 deletions(-)

--
Lorenzo Hernández García-Hierro <[email protected]>
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]