Re: procfs: boot- and runtime configurable access mode for /proc/<pid> dirs

From: Christian Kujau
Date: Fri Mar 25 2011 - 17:24:55 EST



Not sure if I understand correctly, but:

On Thu, 24 Mar 2011 at 20:37, Al Viro wrote:
> Bull. /proc/<pid>/foo contents is sensitive, your patch doesn't do
> you any good. fork(), open /proc/<child's PID>/foo in parent, then
> exec suid-root binary in child.

...you would have to roll your own suid-root binary to be able to look
into other /proc/PID directories, no? But making a binary suid-root
requires root to begin with.

I'd love to finally have a more restrictive /proc directory. Even if it
only makes things "harder" (not necessarily "impossible") to get
information from other users on the same box.

Christian.
--
BOFH excuse #216:

What office are you in? Oh, that one. Did you know that your building was built over the university's first nuclear research site? And wow, aren't you the lucky one, your office is right over where the core is buried!