How to hide process arguments from other users?

Posted by poolie on Ask Ubuntu See other posts from Ask Ubuntu or by poolie
Published on 2010-11-17T01:51:50Z Indexed on 2011/01/30 15:33 UTC
Read the original article Hit count: 217

Filed under:
|

A while ago, I used to use the grsecurity kernel patches, which had an option to hide process arguments from other non-root users. Basically this just made /proc/*/cmdline be mode 0600, and ps handles that properly by showing that the process exists but not its arguments.

This is kind of nice if someone on a multiuser machine is running say vi christmas-presents.txt, to use the canonical example.

Is there any supported way to do this in Ubuntu, other than by installing a new kernel?

(I'm familiar with the technique that lets individual programs alter their argv, but most programs don't do that and anyhow it is racy. This stackoverflow user seems to be asking the same question, but actually just seems very confused.)

© Ask Ubuntu or respective owner

Related posts about kernel

Related posts about security