hidepid capabilities of procfsWed 01 May 2013 by admin
RHEL 5.9 introduces new feature which allow to hide some sensitive information about process activity to non-root users. Release notes about new RHEL version doesn't tell us too much:
Restricting Access to /proc/<PID>/ The hidepid= and gid= mount options have been added to procfs to allow restricting of access to /proc/<PID>/ directories.
more technical information about this patch is on http://www.openwall.com/lists/kernel-hardening/2011/11/15/3
how it looks like in practice:
# mount | grep ^proc proc on /proc type proc (rw) # mount -o remount,hidepid=1 /proc $ ps ax PID TTY STAT TIME COMMAND 2054 pts/0 S 0:00 -bash 2084 pts/0 R+ 0:00 ps ax $ ls -ld /proc/[0-9]* dr-xr-xr-x 6 root root 0 May 1 13:29 /proc/1 dr-xr-xr-x 6 root root 0 May 1 13:29 /proc/10 $ ls -l /proc/[0-9]* ls: /proc/1: Operation not permitted ls: /proc/10: Operation not permitted ... # mount -o remount,hidepid=2 /proc $ ps ax PID TTY STAT TIME COMMAND 2189 pts/0 S 0:00 -bash 2218 pts/0 R+ 0:00 ps ax $ ls -ld /proc/[0-9]* dr-xr-xr-x 6 w.duranek domain users 0 May 1 13:31 /proc/2189 $ id uid=10000(w.duranek) gid=10(wheel) # mount -o remount,hidepid=2,gid=10 /proc $ ps ax PID TTY STAT TIME COMMAND 1 ? Ss 0:03 init  2 ? S< 0:00 [migration/0] 3 ? SN 0:00 [ksoftirqd/0] ...