Privacy concerns about how processes are displayed

Apiman

Any user can see all processes running on a Linux Computer and if he uses

ps -Af

even it's command line parameters are shown. Most times there is not much sensible information there, but there might be.

If we open a link from a mail someone has sent to us, it's link address might be visible to everyone in the system. Sometimes we might feel convenient to embed a password in the command line for some automatic process. You shouldn't do that!!, but many programs let you do so and some users might not be aware of it's risks.

I might be wrong, but I don't see a reason why this information should be exposed to all users in a system instead of making it available only for root and the owner of the process. :unsure:

mfillpot

You have brought up a valid concern that I have seen in other places, there are several cases where the output of PS can display too much information about specific user actions. Despite the concerns it has not yet been determined that it warrants modification of the application.

If your concern is great enough then it would be a good idea to visit the project development site at http://procps.sourceforge.net/ to recommend modifications to the code that would limit the output for non-admin users through various means.

Apiman

I guess it should be enough to make the kernel create /proc/<PIDS> with umask=007 for non root users, but I think it should be implemented within the kernel instead. As I'm not a kernel expert I might be wrong.

mfillpot

My though was to simplify a modification to the application itself and have it check the user groups and if the user is not in the adm group only display pids with their own uid, if the user is in the adm group have it display information for all processes.

Apiman

I understand, but if /proc/<pid> rights are not changed, anyone can still access to all processes info, it will just hide the real issue.

mfillpot

Apiman wrote:

I understand, but if /proc/<pid> rights are not changed, anyone can still access to all processes info, it will just hide the real issue.

You have a good point, but I don't think the general users have enough knowledge to consider it a priority issue.

Have you attempting contacting the kernel mailing-list to recommend this change?

Apiman

Searching the kernel mailing-list I've found a patch that tackles this issue, but it seems that it has not be included in mainline:
http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg77864.html

I don't know if any distro implements some kind of patch like this but if someone can give me a clue would be great!

Edit: At least Openwall supports it (http://www.openwall.com/Owl/CHANGES-2.0.shtml)