:: Re: [DNG] Another multi-user issue
トップ ページ
このメッセージを削除
このメッセージに返信
著者: Boruch Baum
日付:  
To: dng
題目: Re: [DNG] Another multi-user issue
On 04/04/2016 11:22 AM, Rainer Weikusat wrote:
> Boruch Baum <boruch_baum@???> writes:
>> Please consider setting the default /etc/fstab to include:
>>
>> proc            /proc           proc    defaults,hidepid=2

>>
>> This has the effect of keeping the specific activities, process
>> ids, command lines and parameters of a user from other users.
>
> If you think that's useful to you, why don't you just use it.

I do.

> It's not useful to me[*] and - IMHO - generally useless on any system
> where more than one user with privileged access works on a
> cooperative projects.

My understanding is that the intention of the design of the UNIX
architecture in such cases is to have members of a 'project' be assigned
a similar 'group' to allow mutual 'group' access.

> [*] "Everyday real-world example": One of the things I'm dealing with
> is a proprietary racoon fork part of a VPN product for mobiles
> (hefty simplification). I usually don't work on code as root but in
> case I need to run a debugging session, I have to run the debugger as
> root as it will need to be able to control a privileged process,
> namely, the IKE daemon. Being prevented from seeing my own processes
> via ps because they happen to be running with elevated privileges
> would at least be a nuisance.

You're trying to make a case for lowering system security using an
example of a project meant to raise system security. It seems to me, as
an outsider to your case, that you would be compromising your ipsec
efforts with the large and elementary security hole you're willing to
make - to allow any one / any process to see every other.

Another approach I've seen in some linux distributions intended for
security / forensic research and testing is to expect the user to always
be running as root (Kali linux comes to mind in that regard).

As a security-conscious person, you seem to be advocating a default of
lack-of-security, where the universal set of devuan users would have to
a] be aware of the vulnerability, and b] take a positive action to
opt-in to be secure.

My position is that this is a basic security precaution that should be
opt-out, not opt-in. Most users won't notice, except possibly for lack
of clutter in their htop / ps -aux output. More sophisticated users with
a specific need like yours can make the judgment call, as masters of
their own destiny, to drop the feature (or set up some other access
control regimen),

Finally, in the case you mentioned, I'm not certain I understand what
you mean when you say you would be "prevented from seeing my own
processes via ps because they happen to be running with elevated
privileges" - you said earlier that you run the debugger as root, and as
root you would be seeing ALL processes. If you're not running as root,
you would still be seeing all the other processes of your shared group.

--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0