Since I already had my hands in the tpe-lkm code yesterday, I decided to spend my lunch break coding a feature I’ve been meaning to add in for a while now.
I added a new ps extras feature. Since it doesn’t have to do with the “trusted path”, I added it to the “extras” in the configuration. It’s similar to grsecurity’s “Proc restrictions” where “the permissions of the /proc filesystem will be altered to enhance system security and privacy”. Basically, non-root users won’t be able to view the processes they don’t own.
When they do a “ps” command, they’ll basically see:
[[email protected] ~]$ ps auxf
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
user      9678  0.0  0.6  97628  1692 ?        S    13:09   0:00 sshd: [email protected]/0
user      9679  0.0  0.7 108284  1932 pts/0    Ss   13:09   0:00  \_ -bash
user     10295  0.0  0.4 108004  1004 pts/0    R+   13:10   0:00      \_ ps auxf
The “user” can only see processes owned by “user”. Nothing else. The root user will still see all processes.
Have fun with this!
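To confirm the restriction from an unprivileged account without reading ps output by eye, the check below walks /proc and sorts every listed PID into own, foreign, or unreadable. It is an added example, not tpe-lkm code: the function names and the sample tree (UID 1000, constructed PIDs) are hypothetical, and it assumes the standard Linux `Uid:` line in `/proc/<pid>/status`. The post does not say how the module hides entries, so a PID whose status cannot be read is counted separately rather than as visible.

```python
import os
import tempfile


def audit_proc_visibility(my_uid, proc_root="/proc"):
    """Classify every PID directory the caller can list under proc_root.

    Returns (own, foreign, unreadable) as sorted lists of PIDs.
    """
    own, foreign, unreadable = [], [], []
    pids = sorted(int(n) for n in os.listdir(proc_root) if n.isdigit())
    for pid in pids:
        real_uid = None
        try:
            with open(os.path.join(proc_root, str(pid), "status")) as fh:
                for line in fh:
                    if line.startswith("Uid:"):
                        real_uid = int(line.split()[1])  # first field = real UID
                        break
        except OSError:
            pass  # denied, or the process exited between listdir and open
        if real_uid is None:
            unreadable.append(pid)
        elif real_uid == my_uid:
            own.append(pid)
        else:
            foreign.append(pid)
    return own, foreign, unreadable


def make_sample_proc(entries):
    """Build a constructed /proc-like tree: {pid: uid, or None for no status}."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    for pid, uid in entries.items():
        os.mkdir(os.path.join(root, str(pid)))
        if uid is not None:
            with open(os.path.join(root, str(pid), "status"), "w") as fh:
                fh.write(f"Name:\tsample\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n")
    os.mkdir(os.path.join(root, "sys"))  # non-numeric entry, must be ignored
    return root


if __name__ == "__main__":
    own, foreign, unreadable = audit_proc_visibility(os.getuid())
    print(f"own={len(own)} foreign={len(foreign)} unreadable={len(unreadable)}")
    if os.getuid() != 0 and foreign:
        print("other users' processes are visible:", foreign[:10])
```

Run as a non-root user with the extra enabled, the foreign list should be empty; run as root it will be populated, since root still sees all processes.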