9

Is it possible to configure process hiding for certain user groups under a Linux system?

For example: Users from group X should not see processes owned by users from group Y in ps/top or under /proc.

Is it possible to configure such a setup with SELinux?

(I vaguely remember a similar feature in the funny grsecurity patch set - but IIRC, it was more generic - and besides, I want to configure a stock Linux distro without having to maintain a custom kernel.)

Edit: For better illustration, Solaris 10 has a similar feature. The example is not that generic, but one can configure that a user or some users can only see information of their own processes in ps etc.

alanc
  • 2,994
maxschlepzig
  • 57,532

2 Answers

4

Actually, SELinux seems to allow such configurations:

From the first Howto:

This time, you will see all processes on the system regardless of the domain they are in. When in sysadm_t domain, you have access to other domains which the user_t domain does not.

From the second Howto:

The third line allows staff_t to run ps and see processes in the unprivileged user domains. staff_t is able to run ps and see everything in user_t and other user domains if any, whereas user_t can not.

maxschlepzig
  • 57,532
-1

Without a rootkit, or without hacking the kernel to specifically allow that behavior, there are not any pre-packaged options.

If these are processes launched from code you have access to then you may be able to recompile it while altering the argv[0] argument passed into the program. This could effectively change the name to something benign and thus "hide" it from anyone checking top or ps, etc.

Shamster
  • 232
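
A defender's check related to the second answer, as an added example that is not part of the original answers: rewriting argv[0] changes what ps and top display, but /proc/<pid>/exe still points at the binary that is actually running, so comparing the two exposes the rename. The function names and the fake /proc tree below are constructed for illustration; pass "/proc" to scan a live system.

```python
import os
import tempfile

def read_argv0(pid_dir):
    """Return argv[0] from <pid_dir>/cmdline, or None if empty/unreadable."""
    try:
        with open(os.path.join(pid_dir, "cmdline"), "rb") as f:
            raw = f.read()
    except OSError:
        return None
    first = raw.split(b"\0", 1)[0].decode(errors="replace")
    return first or None  # kernel threads have an empty cmdline

def find_name_mismatches(proc_root="/proc"):
    """List (pid, argv0, exe) where argv[0] does not name the running binary."""
    findings = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        pid_dir = os.path.join(proc_root, entry)
        argv0 = read_argv0(pid_dir)
        try:
            exe = os.readlink(os.path.join(pid_dir, "exe"))
        except OSError:
            continue  # no permission, or the process has exited
        if argv0 is None:
            continue
        exe = exe.split(" (deleted)")[0]  # binary unlinked while running
        claimed = os.path.basename(argv0.lstrip("-"))  # "-bash" = login shell
        # Symlinked or multi-call binaries can also differ; review, don't assume.
        if claimed != os.path.basename(exe):
            findings.append((int(entry), argv0, exe))
    return findings

def build_sample_proc(root):
    """Constructed sample data: a fake /proc tree with two processes."""
    samples = {
        "101": (b"/usr/sbin/sshd\0-D\0", "/usr/sbin/sshd"),
        "202": (b"syslogd\0", "/home/y/bin/job"),  # argv[0] was rewritten
    }
    for pid, (cmdline, exe) in samples.items():
        os.makedirs(os.path.join(root, pid))
        with open(os.path.join(root, pid, "cmdline"), "wb") as f:
            f.write(cmdline)
        os.symlink(exe, os.path.join(root, pid, "exe"))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_name_mismatches(build_sample_proc(tmp)))
```

Reading /proc/<pid>/exe for processes owned by other users requires root, so an unprivileged run only covers the caller's own processes.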