On 2018-04-22, David Wright <deb...@lionunicorn.co.uk> wrote:

>> I am not after winning any races but (seeing as you brought the issue
>> up) knowing whether ps sees my secret and how to go about finding that
>> out.
>
> ps might not be the best tool for deliberately finding the info above.
> The obvious place to look is /proc/<PID>/cmdline (where NULs separate
> the items). One can imagine a scenario where one tries to keep up with
> the PID incrementation and hoover up all the cmdlines on the system as
> they fly by.
There is a mount option to the proc filesystem ('hidepid') that appears to be designed to harden against the envisioned scenario (if I'm understanding correctly--may not be the case, though).

https://debian-administration.org/article/702/Hiding_processes_from_other_users

Perhaps this is now obsolete information or something. Maybe not, because in my Stretch man page for proc, right at the top, I see the hidepid mount option.

Here (from 2014)

https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html

it is said:

"* We're planning to request for hidepid to be enabled by default (to 1). This will squash an entire class of information leaks. If you have any comments or objections, please get in touch with us."

but I can't seem to discover whether that was realized or not--from what you people are saying, I guess not (hidepid=1 doesn't appear as a proc mount option on my upgraded-since-Methuselah Stretch machine).

Anywho, excuses for the incoherent and perhaps ignorant posting.

-- 
"Three prisoners were locked in a cell. When the largest of them finished his food, he immediately ate the others. Too bad. An apostrophe in the right place might have prevented a horrible crime." Joe Gunn
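The two things the thread circles around (reading /proc/<PID>/cmdline with its NUL separators, and finding out whether the proc filesystem was mounted with hidepid) can be checked directly from a shell. The script below is an added example, not code posted by anyone in the thread or shipped by Debian; it assumes a Linux system with proc mounted on /proc and is meant to be run as an ordinary user, since hidepid only restricts users other than the process owner (root, and any group named in proc's gid= option, still see everything).

```shell
#!/bin/sh
# Added example (not from the thread): inspect the proc mount options and
# dump a process's command line from /proc/<PID>/cmdline.

# Print the mount options of the proc filesystem mounted on /proc, taken
# from /proc/self/mounts (fields: source mountpoint fstype options ...).
proc_mount_options() {
    awk '$2 == "/proc" && $3 == "proc" { print $4; exit }' /proc/self/mounts
}

# Report the effective hidepid setting: the value from the mount options
# (0, 1, 2, or on newer kernels a name such as "invisible"), or "unset"
# when the option is absent, which means the default of 0 is in effect.
proc_hidepid() {
    opts=$(proc_mount_options)
    case ",$opts," in
        *,hidepid=*)
            printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^hidepid=//p' | head -n 1
            ;;
        *)
            echo unset
            ;;
    esac
}

# Print the argv of process $1, one argument per line, by turning the NUL
# separators in /proc/<PID>/cmdline into newlines. Returns 1 when the file
# cannot be read (no such PID, or hidepid keeps us out of that directory).
proc_cmdline() {
    f="/proc/$1/cmdline"
    [ -r "$f" ] || return 1
    tr '\0' '\n' < "$f"
}

# Count the PID directories visible under /proc and how many of their
# cmdline files this user may read, printed as "visible readable".
# With hidepid=0 the numbers are close; with hidepid=1 other users'
# cmdlines are unreadable; with hidepid=2 their directories are not
# even listed, so both numbers drop to roughly our own processes.
proc_visibility() {
    visible=0
    readable=0
    for d in /proc/[0-9]*; do
        visible=$((visible + 1))
        [ -r "$d/cmdline" ] && readable=$((readable + 1))
    done
    echo "$visible $readable"
}

# When run directly: show the mount options, the hidepid setting, how much
# of /proc this user can see, and the argv of this very shell.
echo "proc options: $(proc_mount_options)"
echo "hidepid: $(proc_hidepid)"
echo "pids visible / cmdlines readable: $(proc_visibility)"
proc_cmdline "$$"
```

To test whether an argument passed to another user's program leaks, run a long-lived command as one user with a recognisable argument and, as a different unprivileged user, try `proc_cmdline <PID>` or compare the two numbers from `proc_visibility`; a remount with `mount -o remount,hidepid=2 /proc` (or the equivalent line in /etc/fstab) changes the result immediately, which is a quicker way to find out what your system does than reading the 2014 announcement.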