Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 16 Jan 2017 14:23:02 +0100
From: Djalal Harouni <tixxdz@...il.com>
To: linux-kernel@...r.kernel.org,
	kernel-hardening@...ts.openwall.com
Cc: Andrew Morton <akpm@...ux-foundation.org>,
	Kees Cook <keescook@...omium.org>,
	Lafcadio Wluiki <wluikil@...il.com>,
	Djalal Harouni <tixxdz@...il.com>
Subject: [PATCH v4 0/2] procfs/tasks: introduce per-task procfs hidepid= field

From: Djalal Harouni <tixxdz@...il.com>

Hi,

I'm sending this series again based on Lafcadio's previous patches.
I have also fixed some issues and tested the code.

This adds a new per-task hidepid= flag that is honored by procfs when
presenting /proc to the user, in addition to the existing hidepid= mount
option.

One suggested change to add 'ns_capable(CAP_SYS_ADMIN)||no_new_privs' test
before setting the hidepid was not included in this series, however I
can add it. This change was not incorporated since it may be good for
some setuid or even file capabilities programs to not access /proc, yes this
may influence setuid programs but I am not sure if this is really a
problem in this case. As stated I can add it if requested. Thanks!


v4 changes:
Patch 0001 procfs: use an enum for possible hidepid values
        * Was already acked and proposed to be added to -mm branch.

Patch 0002 procfs/tasks: add a simple per-task procfs hidepid= field
        * Document HidePid in Documentation/filesystem/proc.txt
        * Switch to max() as suggested by Kees Cook.
        * Fix compiler warnings
        * Check all prctl() arguments and fail if unused ones are set.
        * Make PR_GET_HIDEPID return the task hidpid value as a result
          of prctl() syscall.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.