Linux.com

Home Linux Community Forums Linux System Administration System Management Privacy concerns about how processes are displayed

Privacy concerns about how processes are displayed

Link to this post 05 Jan 11

Any user can see all processes running on a Linux Computer and if he uses

ps -Af
even it's command line parameters are shown. Most times there is not much sensible information there, but there might be.
If we open a link from a mail someone has sent to us, it's link address might be visible to everyone in the system. Sometimes we might feel convenient to embed a password in the command line for some automatic process. You shouldn't do that!!, but many programs let you do so and some users might not be aware of it's risks.
I might be wrong, but I don't see a reason why this information should be exposed to all users in a system instead of making it available only for root and the owner of the process. :unsure:

Link to this post 05 Jan 11

You have brought up a valid concern that I have seen in other places, there are several cases where the output of PS can display too much information about specific user actions. Despite the concerns it has not yet been determined that it warrants modification of the application.

If your concern is great enough then it would be a good idea to visit the project development site at http://procps.sourceforge.net/ to recommend modifications to the code that would limit the output for non-admin users through various means.

Link to this post 06 Jan 11

I guess it should be enough to make the kernel create /proc/<PIDS> with umask=007 for non root users, but I think it should be implemented within the kernel instead. As I'm not a kernel expert I might be wrong.

Link to this post 06 Jan 11

My though was to simplify a modification to the application itself and have it check the user groups and if the user is not in the adm group only display pids with their own uid, if the user is in the adm group have it display information for all processes.

Link to this post 06 Jan 11

I understand, but if /proc/<pid> rights are not changed, anyone can still access to all processes info, it will just hide the real issue.

Link to this post 07 Jan 11

Apiman wrote:

I understand, but if /proc/<pid> rights are not changed, anyone can still access to all processes info, it will just hide the real issue.

You have a good point, but I don't think the general users have enough knowledge to consider it a priority issue.

Have you attempting contacting the kernel mailing-list to recommend this change?

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board