Re: SCSI device numbering (was: Re: Ideas for v2.1

Chris Evans (chris@ferret.lmh.ox.ac.uk)
Wed, 3 Jul 1996 19:42:08 +0100 (BST)


On Wed, 3 Jul 1996, Lars Marowsky-Bree wrote:

> > I am currently running 2.0 + a patch of my own design which adds a
> > (mode_t) variable to struct task. This variable represents the permission
> > on a /proc/<pid> directory, and is changeable via chmod() by the owner of
> > a given task. Works like a charm, a user does chmod og-rwx /proc/<pid>
> > and the process magically disappears from all displays of ps/top/etc.
> > executed by other users. Good for privacy. Option to use chmod on just
> > the cmdline of a process is provided too.
>
> I would really like this feature at least for root. I have always been
> wondering why users should be able to trace and analyse root processes.

Indeed. And I've always wondered why users can see what other users are
doing, e.g. command + commandline.

> Of course, those /proc-access permissions need to be inherited by a forked
> child.

Happens automatically since the variable is a member of the task
structure. System defaults can hence be set by setting an appropriate
value for the init process or other high level daemon.

If you're interested take a look at
ftp://ftp.lmh.ox.ac.uk/pub/linux/kernel/patch/kdiffs-prochide+acct-2

Modifying the patch so only root can change permissions around will
require trivial addition of a call to suser().

I apologise that the above patch has some process accounting changes merged
in too (causing lastcomm etc. to need recompilation), but they can be
separated out easily (might get around to it myself soon and further
improve process accounting to include pid etc. as suggested on this list).

Chris.
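
The scheme discussed in this message, as an added user-space model in C; it is not code from the patch or from the author. All names (`struct task` layout, `proc_mode`, `task_fork`, `proc_chmod`, `proc_visible`, `root_only`) are hypothetical, and two behaviours are assumptions: root always sees every process, and listing a `/proc/<pid>` directory needs both the read and search bits.

```c
#include <stdbool.h>
#include <sys/types.h>

/* User-space model only; names are hypothetical, not taken from the patch. */
struct task {
    pid_t  pid;
    uid_t  uid;        /* owner of the task */
    gid_t  gid;
    mode_t proc_mode;  /* permission bits on /proc/<pid> */
};

/* fork(): the child is a copy of the parent's task structure, so the
 * /proc permission bits are inherited without any extra code. */
struct task task_fork(const struct task *parent, pid_t child_pid)
{
    struct task child = *parent;
    child.pid = child_pid;
    return child;
}

/* chmod() on /proc/<pid>: allowed for the task owner, or for root only
 * when root_only is set (the suser()-style restriction from the mail).
 * Returns 0 on success, -1 on refusal (EPERM in a real kernel). */
int proc_chmod(struct task *t, uid_t caller, mode_t mode, bool root_only)
{
    if (caller != 0 && (root_only || caller != t->uid))
        return -1;
    t->proc_mode = mode & 0777;
    return 0;
}

/* Can this viewer list /proc/<pid>? Assumption: listing needs r-x from
 * the permission class (owner, group, other) that matches the viewer. */
bool proc_visible(const struct task *t, uid_t viewer_uid, gid_t viewer_gid)
{
    mode_t need = 05, bits;
    if (viewer_uid == 0)
        return true;                      /* assumed: root bypasses the check */
    if (viewer_uid == t->uid)
        bits = (t->proc_mode >> 6) & 07;  /* owner class */
    else if (viewer_gid == t->gid)
        bits = (t->proc_mode >> 3) & 07;  /* group class */
    else
        bits = t->proc_mode & 07;         /* other class */
    return (bits & need) == need;
}
```

Setting `proc_mode` on the model's first task and forking from it shows how a system-wide default would propagate to every descendant.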