Patch to allow for privacy-protected /proc
Johannes Bauer
dfnsonfsduifb at gmx.de
Wed Dec 2 10:43:34 PST 2009
Gordon Messmer wrote:
> On 12/02/2009 05:49 AM, Johannes Bauer wrote:
>> Wow, this is some objective opinion. Do you have something non-insulting
>> to contribute or are you done?
>
> Openwall used to provide a patch for Linux that added some privacy to
> /proc, without completely breaking user access to ps tools. If you're
> interested in resurrecting it, you might be better off chasing that option.

Hmm, the charm of a 750 /proc is that it basically works out-of-the-box
with any vanilla Linux. And this setup does its job nicely in a couple
of servers we set up - unfortunately it breaks hald.

Your code also suggests that this problem was anticipated: support for
initgroups(2) was not completely removed, but made conditional (with the
variable controlling its call hardcoded to 0).

Regards,
Johannes

More information about the hal mailing list