And at last we have the equivalent of security.bsd.see_other_uids in Linux without the need to mess around with grsecurity! This is a security feature I've waited to land in Linux for a LONG time.
This characteristic can be enabled if you have kernel 3.3 (EL6/rhel/centos users can get it from here - thanks ajb!), but hopefully RedHat and other distributions will backport this feature in their kernels, too. The required patches are here and here.
So, how it works? Simple:
- mount /proc with the option "hidepid=1" to stop a regular user to see other processes but his when doing `ps` or `top`
- mount /proc with the option "hidepid=2" to not only stop the user from seeing other processes, but also disables the user's capacity to list /proc/$PIDs that are not his
- mount /proc with the option "hidepid=0" to go back to standard behaviour, all users can see all processes - this is the default
- there is also the "gid=xxx" mount option that lets the specified gid see all processes, even when hidepid is set to 1 or 2
You can read more about it here.
Enjoy!
-
Archive
Tag List
- .ro (1)
- ahci (1)
- anger (1)
- animals (1)
- anime (3)
- antena3 (1)
- antispam (1)
- apache (2)
- arnej (1)
- artica (1)
- ata (1)
- bash (1)
- bbc (1)
- benchmark (1)
- bind (2)
- bios (1)
- bitdefender (1)
- bittorrent (1)
- blade runner (1)
- bootloader (1)
- bsg (1)
- bt (1)
- bunnies (1)
- caching (1)
- centerim (1)
- centos (23)
- cli (2)
- cloudmin (1)
- cosmos (1)
- cp (1)
- curvedns (1)
- cute (1)
- cve-2010-3081 (1)
- davmail (1)
- debian (2)
- dedicated servers (1)
- dell (1)
- desktop (1)
- dexter (1)
- diaspora (1)
- dns (6)
- dnscurve (1)
- documentary (1)
- dolphins (1)
- domu (1)
- download (1)
- dstat (1)
- dumpe2fs (1)
- el (1)
- el6 (8)
- elastix (1)
- elrepo (1)
- elvish (1)
- email (3)
- empathy (1)
- ergo proxy (1)
- exchange (1)
- experiment (1)
- exploit (1)
- fail (19)
- fedora (6)
- film (4)
- flash (2)
- fonts (1)
- fork (2)
- fpaste (1)
- free (1)
- freebsd (2)
- freedom (1)
- fuck this shit (2)
- funny (1)
- gay (1)
- godaddy (1)
- gpt (1)
- hdsentinel (1)
- hello (1)
- hetzner (1)
- honeyroot (1)
- howto (1)
- httpd (1)
- humour (1)
- icann (1)
- im (2)
- imagemagick (1)
- imdb (1)
- internet (4)
- io (1)
- iodine (1)
- ip (2)
- isp (1)
- jabber (1)
- kernel (3)
- kfreebsd (1)
- kvm (1)
- labplot (1)
- libreoffice (1)
- linus (1)
- linux (37)
- mageia (1)
- management (1)
- mandriva (4)
- marketplace (1)
- memory (1)
- microsoft (1)
- milgram (1)
- miyazaki (1)
- mod_security (1)
- mod_substitute (1)
- mongrel (1)
- music (2)
- nice (1)
- notes (8)
- nux (1)
- nx (1)
- offtopic (1)
- openoffice (1)
- openvpn (1)
- optical illusion (1)
- oracle (1)
- p2p (1)
- parallels (1)
- partition table (1)
- partitions (2)
- password (1)
- paste (1)
- pdnsd (1)
- php (3)
- plesk (1)
- policykit (1)
- poweradmin (2)
- powerdns (2)
- pxe (2)
- python (1)
- r210 (1)
- raid (1)
- random (1)
- rbl (1)
- redhat (4)
- redhat 6 (1)
- remount (1)
- repo (4)
- review (1)
- rhel (6)
- rhel 6 (1)
- romania (1)
- routing (1)
- rpm (7)
- rsa (1)
- ruby (3)
- sata (1)
- science (1)
- scientific linux (1)
- scientificlinux (3)
- scientificlinux 6 (1)
- scifi (1)
- security (1)
- security.bsd.see_other_uids (1)
- selinux (1)
- shit (2)
- skype (1)
- small (1)
- smart (1)
- smartctl (2)
- sopa (1)
- spamhaus (1)
- spotify (1)
- stage1 (1)
- stella (1)
- superevil (1)
- tcp (1)
- the big bang theory (1)
- the secret of blue water (1)
- tip (1)
- trance (1)
- transmission (1)
- turktelecom (1)
- ubuntu (2)
- vim (1)
- virginmedia (1)
- virt (2)
- vnc (2)
- vpn (1)
- windows7 (1)
- x86_64 (1)
- xen (2)
- xmas (1)
- xmpp (1)
- yahoo (1)
- yum (4)
RSS Feed
Tools
Show the IP addressRandom password generator
RPM Repos
PHP 5.3 - repo filePHP 5.2 - repo file
Whois client - repo file
Courier suite - repo file
CenterIM - repo file
ImageMagick - repo file
