1 files changed, 42 insertions, 0 deletions
diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
index 0ec91f03422e..a76a26a1db8a 100644
--- a/Documentation/filesystems/proc.txt
+++ b/Documentation/filesystems/proc.txt
@@ -41,6 +41,8 @@ Table of Contents
  3.5   /proc/<pid>/mountinfo - Information about mounts
  3.6   /proc/<pid>/comm  & /proc/<pid>/task/<tid>/comm
+  4     Configuring procfs
+  4.1   Mount options
 ------------------------------------------------------------------------------
 Preface
@@ -305,6 +307,9 @@ Table 1-4: Contents of the stat files (as of 2.6.30-rc7)
  blkio_ticks   time spent waiting for block IO
  gtime         guest time of the task in jiffies
  cgtime        guest time of the task children in jiffies
+  start_data    address above which program data+bss is placed
+  end_data      address below which program data+bss is placed
+  start_brk     address above which program heap can be expanded with brk()
 ..............................................................................
 The /proc/PID/maps file containing the currently mapped memory regions and
@@ -1542,3 +1547,40 @@ a task to set its own or one of its thread siblings comm value. The comm value
 is limited in size compared to the cmdline value, so writing anything longer
 then the kernel's TASK_COMM_LEN (currently 16 chars) will result in a truncated
 comm value.
+------------------------------------------------------------------------------
+Configuring procfs
+------------------------------------------------------------------------------
+4.1     Mount options
+---------------------
+The following mount options are supported:
+        hidepid=        Set /proc/<pid>/ access mode.
+        gid=            Set the group authorized to learn processes information.
+hidepid=0 means classic mode - everybody may access all /proc/<pid>/ directories
+(default).
+hidepid=1 means users may not access any /proc/<pid>/ directories but their
+own.  Sensitive files like cmdline, sched*, status are now protected against
+other users.  This makes it impossible to learn whether any user runs
+specific program (given the program doesn't reveal itself by its behaviour).
+As an additional bonus, as /proc/<pid>/cmdline is unaccessible for other users,
+poorly written programs passing sensitive information via program arguments are
+now protected against local eavesdroppers.
+hidepid=2 means hidepid=1 plus all /proc/<pid>/ will be fully invisible to other
+users.  It doesn't mean that it hides a fact whether a process with a specific
+pid value exists (it can be learned by other means, e.g. by "kill -0 $PID"),
+but it hides process' uid and gid, which may be learned by stat()'ing
+/proc/<pid>/ otherwise.  It greatly complicates an intruder's task of gathering
+information about running processes, whether some daemon runs with elevated
+privileges, whether other user runs some sensitive program, whether other users
+run any program at all, etc.
+gid= defines a group authorized to learn processes information otherwise
+prohibited by hidepid=.  If you use some daemon like identd which needs to learn
+information about processes information, just add identd to this group.

diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt index 0ec91f03422e..a76a26a1db8a 100644 --- a/Documentation/filesystems/proc.txt +++ b/Documentation/filesystems/proc.txt
@@ -41,6 +41,8 @@ Table of Contents
41	3.5 /proc/<pid>/mountinfo - Information about mounts	41	3.5 /proc/<pid>/mountinfo - Information about mounts
42	3.6 /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm	42	3.6 /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm
43		43
		44	4 Configuring procfs
		45	4.1 Mount options
44		46
45	------------------------------------------------------------------------------	47	------------------------------------------------------------------------------
46	Preface	48	Preface
@@ -305,6 +307,9 @@ Table 1-4: Contents of the stat files (as of 2.6.30-rc7)
305	blkio_ticks time spent waiting for block IO	307	blkio_ticks time spent waiting for block IO
306	gtime guest time of the task in jiffies	308	gtime guest time of the task in jiffies
307	cgtime guest time of the task children in jiffies	309	cgtime guest time of the task children in jiffies
		310	start_data address above which program data+bss is placed
		311	end_data address below which program data+bss is placed
		312	start_brk address above which program heap can be expanded with brk()
308	..............................................................................	313	..............................................................................
309		314
310	The /proc/PID/maps file containing the currently mapped memory regions and	315	The /proc/PID/maps file containing the currently mapped memory regions and
@@ -1542,3 +1547,40 @@ a task to set its own or one of its thread siblings comm value. The comm value
1542	is limited in size compared to the cmdline value, so writing anything longer	1547	is limited in size compared to the cmdline value, so writing anything longer
1543	then the kernel's TASK_COMM_LEN (currently 16 chars) will result in a truncated	1548	then the kernel's TASK_COMM_LEN (currently 16 chars) will result in a truncated
1544	comm value.	1549	comm value.
		1550
		1551
		1552	------------------------------------------------------------------------------
		1553	Configuring procfs
		1554	------------------------------------------------------------------------------
		1555
		1556	4.1 Mount options
		1557	---------------------
		1558
		1559	The following mount options are supported:
		1560
		1561	hidepid= Set /proc/<pid>/ access mode.
		1562	gid= Set the group authorized to learn processes information.
		1563
		1564	hidepid=0 means classic mode - everybody may access all /proc/<pid>/ directories
		1565	(default).
		1566
		1567	hidepid=1 means users may not access any /proc/<pid>/ directories but their
		1568	own. Sensitive files like cmdline, sched*, status are now protected against
		1569	other users. This makes it impossible to learn whether any user runs
		1570	specific program (given the program doesn't reveal itself by its behaviour).
		1571	As an additional bonus, as /proc/<pid>/cmdline is unaccessible for other users,
		1572	poorly written programs passing sensitive information via program arguments are
		1573	now protected against local eavesdroppers.
		1574
		1575	hidepid=2 means hidepid=1 plus all /proc/<pid>/ will be fully invisible to other
		1576	users. It doesn't mean that it hides a fact whether a process with a specific
		1577	pid value exists (it can be learned by other means, e.g. by "kill -0 $PID"),
		1578	but it hides process' uid and gid, which may be learned by stat()'ing
		1579	/proc/<pid>/ otherwise. It greatly complicates an intruder's task of gathering
		1580	information about running processes, whether some daemon runs with elevated
		1581	privileges, whether other user runs some sensitive program, whether other users
		1582	run any program at all, etc.
		1583
		1584	gid= defines a group authorized to learn processes information otherwise
		1585	prohibited by hidepid=. If you use some daemon like identd which needs to learn
		1586	information about processes information, just add identd to this group.