Re: [PATCH][RFC] Make /proc/<pid> chmod'able

From: Rene Scharfe
Date: Tue Mar 15 2005 - 16:19:09 EST

Albert Cahalan wrote:
This really isn't about security. Privacy may be undesirable.

I agree, privacy is not security. My patch tries to enhance privacy without giving up security.

You think losing the social pressure that comes with mutual surveillance results in loss of security, I don't. Now I think Linux should support both ways and those writing security policies should make the decision.

With privacy comes anti-social behavior. Supposing that the
users do get privacy, perhaps because the have paid for it:

Xen, UML, VM, VMware, separate computers

Going with separate computers is best. Don't forget to use
network traffic control to keep users from being able to
detect the network activity of other users.

That would work, but it requires a *lot* of administrative and computing overhead. Note that "separate computers" alone is not sufficient because most places with more than a few machines have some kind of single signon and run SSH or similar.

[ps, w, top]
They work like they do with a rootkit installed.
Traditional behavior has been broken.

That's one way to put it; you could also say those tools now provide enhanced privacy. ;)

I also think things have changed in the last few years. Since the advent of special data processing laws privacy is taken more serious. Privacy certainly was no real concern when UNIX was young. I also guess it's a cultural thing, its importance being different from country to country.

It's easily visible in the style of public toilets: in some contries you have one big room with no walls in between where all men or women merrily shit together, in other countries (like mine) every person can lock himself into a private closet. Both ways work, there's nothing too special about using a toilet, but I'm simply used to the privacy provided by those thin walls. I assure you, I don't do anything evil in there. :]
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at