How to hide process arguments from other users?
Posted
by
poolie
on Ask Ubuntu
See other posts from Ask Ubuntu
or by poolie
Published on 2010-11-17T01:51:50Z
Indexed on
2011/01/30
15:33 UTC
Read the original article
Hit count: 217
A while ago, I used to use the grsecurity kernel patches, which had an option to hide process arguments from other non-root users. Basically this just made /proc/*/cmdline
be mode 0600, and ps
handles that properly by showing that the process exists but not its arguments.
This is kind of nice if someone on a multiuser machine is running say vi christmas-presents.txt
, to use the canonical example.
Is there any supported way to do this in Ubuntu, other than by installing a new kernel?
(I'm familiar with the technique that lets individual programs alter their argv, but most programs don't do that and anyhow it is racy. This stackoverflow user seems to be asking the same question, but actually just seems very confused.)
© Ask Ubuntu or respective owner