Patch to allow for privacy-protected /proc
Johannes Bauer
dfnsonfsduifb at gmx.de
Wed Dec 2 04:42:47 PST 2009
Dear list,
I've proposed a patch to the Gentoo developers, as HAL is in
maintenance mode ("no new features are added"). However, I was
redirected to you ("You actually want to submit such patch upstream"),
which is why I will repost my original message here. The original
posting can be found at https://bugs.gentoo.org/show_bug.cgi?id=294939 .
I've not attached the (trivial) patch here, but it is available at
https://bugs.gentoo.org/attachment.cgi?id=211392 .
Kind regards,
Johannes
Original message follows:
Having /proc with 755 is a privacy problem: Another user can, for
example, see by using "ps" what movies others are watching, etc. A
solution for this is making /proc 750 and chown it to root:procers. Only
users who are added to procers may monitor proc support.
In order to get hald running that way, the "haldaemon" user obviously
has to be added to the procers group. When everything is set up this
way, hald still will refuse to work and crash immediately on startup.
This is because the hald developers are not calling initgroups(2).
Obviously, auxiliary groups are not needed to be initialized when /proc
has 755 permissions.
However, in a setup like the above described, it is necessary for hald
to perform the initgroups(2) call. Luckily, the change to the code is
minimal as such a thing was already thought of (the appropriate function
receives a parameter, which is in the current code always set to "0"
however).
The patch I propose (because HAL is out of maintenance and they won't
accept patches) will enable the user to supply a command line parameter
which will optionally enable auxiliary group support
("--keep-auxgroups"). If it is not specified, everything will run normally.
Reproducible: Always
Steps to Reproduce:
1. chmod 750 /proc
2. chown root:procers /proc
3. Add "haldaemon" to the "procers" group
4. Start hald
Actual Results:
09:59:12.577 [I] hald.c:671: hal 0.5.12rc1
09:59:12.577 [I] hald.c:736: Will not daemonize
09:59:12.577 [I] hald_dbus.c:5417: local server is listening at
unix:abstract=/var/run/hald/dbus-zf0EZzH5vG,guid=298760b1518ad88b9c6405a84b10e660
09:59:12.578 [I] ck-tracker.c:391: got seat
'/org/freedesktop/ConsoleKit/Seat1'
09:59:12.579 [I] ck-tracker.c:321: got session
'/org/freedesktop/ConsoleKit/Session2' for seat
'/org/freedesktop/ConsoleKit/Seat1'
09:59:12.579 [I] ck-tracker.c:274: Got active state (ACTIVE) and uid 1000 on
session '/org/freedesktop/ConsoleKit/Session2'
09:59:12.579 [I] ck-tracker.c:342: Got all sessions on seat
'/org/freedesktop/ConsoleKit/Seat1'
09:59:12.579 [I] ck-tracker.c:418: Got seats
09:59:12.579 [I] ck-tracker.c:816: Got seats and sessions
Runner started - allowed paths are
'/usr/libexec:/usr/lib64/hal/scripts:/usr/bin'
09:59:12.581 [I] hald_runner.c:301: Runner has pid 4358
09:59:12.581 [I] hald_runner.c:182: runner connection is 0x664320
09:59:12.581 [W] osspec.c:383: Unable to open /proc/mdstat: No such file or
directory
09:59:12.582 [I] mmap_cache.c:274: cache mtime is 1257707879
*** [DIE] osspec.c:osspec_init():439 : Unable to read /proc/mounts
Expected Results:
Hald starts nicely.
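
The failure described in the message above, as an added example that is not part of the original post and is not hald's code: a model of the permission check on a 750 root:procers directory, next to a privilege drop that either loads the user's auxiliary groups with initgroups or empties the list. The numeric IDs, the names dir_readable and drop_privileges, and the choice to empty the list when auxiliary groups are not kept are assumptions made for illustration.

```c
/* Added example: why a daemon that drops root without initgroups(3) cannot
 * read a 0750 root:procers /proc. The numeric IDs in main() are constructed. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Model of the kernel's owner/group/other selection for reading and
 * searching (r-x) a directory. Returns 1 if access is granted. */
int dir_readable(mode_t mode, uid_t owner, gid_t group,
                 uid_t uid, gid_t gid, const gid_t *aux, int naux)
{
    int in_group = (gid == group);
    for (int i = 0; i < naux; i++)
        if (aux[i] == group) in_group = 1;
    if (uid == 0) return 1;                    /* root bypasses the mode bits */
    mode_t bits = (uid == owner) ? (mode >> 6) : in_group ? (mode >> 3) : mode;
    return (bits & 05) == 05;
}

/* Drop from root to `user`. keep_auxgroups is a hypothetical flag mirroring
 * the proposed --keep-auxgroups option. Returns 0 on success, -1 on error. */
int drop_privileges(const char *user, int keep_auxgroups)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0) return -1;
    if (keep_auxgroups) {                      /* load groups from the group database */
        if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    } else {                                   /* assumption: empty the supplementary list */
        if (setgroups(0, NULL) != 0) return -1;
    }
    /* Groups first, then gid, then uid: after setuid() the process can no
     * longer change its group IDs. */
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;            /* regaining root must fail */
}

int main(void)
{
    const gid_t procers = 990, aux[] = { 990 };   /* constructed IDs */
    printf("0750, no aux groups:  %d\n", dir_readable(0750, 0, procers, 104, 104, NULL, 0));
    printf("0750, procers in aux: %d\n", dir_readable(0750, 0, procers, 104, 104, aux, 1));
    printf("0755, no aux groups:  %d\n", dir_readable(0755, 0, procers, 104, 104, NULL, 0));
    return 0;
}
```

drop_privileges only succeeds when called as root; the model function can be run by any user.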