conflict between polkit (kde-authentication-agent-1) and /proc fs "hidepid=2" option: regression, or new req't?
PGNet Dev
pgnet.dev at gmail.com
Wed Nov 6 17:01:05 UTC 2019

On 11/6/19 8:32 AM, Jan Rybar wrote:
> If hidepid is a new trend among distributions that turns default,
> please correct me if I'm wrong and should incorporate this into
> installation scripts. Also a link to source would help me a lot.

I _do_ edit my own fstab -- defaults are generally generic/naive and lack hardening.

I can't really comment re "new trend", or what distros intend to "turn default" or recommend; certainly can't suggest "wrong" or "should"!

There _are_ numerous old & current instances of its *mention*; e.g.,

https://wiki.gentoo.org/wiki/Procfs#Restricting_access_to_PID_directories
https://debian-administration.org/article/702/Hiding_processes_from_other_users
https://www.iezzi.ch/process-hiding-hidepid-capabilities-of-procfs/

Here's the requisite systemd "Nope!" discussion,

https://github.com/systemd/systemd/issues/12955

which references the @kernel "let's try this other approach" thread,

https://lwn.net/Articles/738597/

&, here's a discussion that reiterates your workaround for brokenness,

Tip: Dealing with apps that breaks when you implement this technique
https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/

So, IIUC, nothing clear OR firm :-/

Other than the fact that it (1) wasn't a problem b4, and (2) now it is.