Since I already had my hands in the tpe-lkm code yesterday, I decided to spend my lunch break coding a feature I’ve been meaning to add in for a while now.

I added a new ps extras feature. Since it doesn’t have to do with the “trusted path”, I added it to the “extras” in the configuration. It’s similar to grsecurity’s “Proc restrictions” where “the permissions of the /proc filesystem will be altered to enhance system security and privacy”. Basically, non-root users won’t be able to view the processes they don’t own.

When they do a “ps” command, they’ll basically see:

[[email protected] ~]$ ps auxf
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
user      9678  0.0  0.6  97628  1692 ?        S    13:09   0:00 sshd: [email protected]/0
user      9679  0.0  0.7 108284  1932 pts/0    Ss   13:09   0:00  _ -bash
user     10295  0.0  0.4 108004  1004 pts/0    R+   13:10   0:00      _ ps auxf

The “user” can only see processes owned by “user”. Nothing else. The root user will still see all processes.

Have fun with this!