Bypassing hiding Linux processes?
Clash Royale CLAN TAG#URR8PPP
Hiding Linux Processes
Recently, I've followed this tutorial, which detailed how to hide processes from users without root access, by means of setting hidepid=n on /proc/.
After following this tutorial step-by-step, I found that it is mostly effective at preventing a normal user from viewing other running processes(e.g. htop,top,ps).
Bypass
From messing around, I have also found that I can bypass these restrictions on /proc/ by using loginctl provided by systemd.
For example, if I were to run:
loginctl user-status root
I would be able to see all processes that the root user is running(that is if they are logged in)?
Questions
So, my questions remain:
- Why is this allowed?
- How does this work(via direct
daemon)? - Is this a vulnerability
permissions vulnerability
edited Feb 10 at 15:09
ctrl-alt-delor
11.8k42160
asked Feb 7 at 21:13
NerdOfCodeNerdOfCode
12315
|
show 4 more comments
Hiding Linux Processes
Recently, I've followed this tutorial, which detailed how to hide processes from users without root access, by means of setting hidepid=n on /proc/.
After following this tutorial step-by-step, I found that it is mostly effective at preventing a normal user from viewing other running processes(e.g. htop,top,ps).
Bypass
From messing around, I have also found that I can bypass these restrictions on /proc/ by using loginctl provided by systemd.
For example, if I were to run:
loginctl user-status root
I would be able to see all processes that the root user is running(that is if they are logged in)?
Questions
So, my questions remain:
- Why is this allowed?
- How does this work(via direct
daemon)? - Is this a vulnerability
permissions vulnerability
edited Feb 10 at 15:09
ctrl-alt-delor
11.8k42160
asked Feb 7 at 21:13
NerdOfCodeNerdOfCode
12315
1
hidepid doesn't hide other evidence. systemd track its own process cgroup status. I don't think this is a vulnerability because it doesn't allow you access important property of root processes
– 炸鱼薯条德里克
Feb 7 at 21:33
@炸鱼薯条德里克 Why does systemd do this though?
– NerdOfCode
Feb 7 at 21:35
Because it is designed to manage services and sessions using cgroup, which happens to let you see these processes. It's just a harmless side-effect
– 炸鱼薯条德里克
Feb 7 at 21:37
Then what's the point of even settinghidepid?
– NerdOfCode
Feb 7 at 21:56
"it doesn't allow you access important property of root processes " Didn't I I just provide the answer?
– 炸鱼薯条德里克
Feb 7 at 21:58
|
show 4 more comments
Hiding Linux Processes
Recently, I've followed this tutorial, which detailed how to hide processes from users without root access, by means of setting hidepid=n on /proc/.
After following this tutorial step-by-step, I found that it is mostly effective at preventing a normal user from viewing other running processes(e.g. htop,top,ps).
Bypass
From messing around, I have also found that I can bypass these restrictions on /proc/ by using loginctl provided by systemd.
For example, if I were to run:
loginctl user-status root
I would be able to see all processes that the root user is running(that is if they are logged in)?
Questions
So, my questions remain:
- Why is this allowed?
- How does this work(via direct
daemon)? - Is this a vulnerability
permissions vulnerability
edited Feb 10 at 15:09
ctrl-alt-delor
11.8k42160
asked Feb 7 at 21:13
NerdOfCodeNerdOfCode
12315
Hiding Linux Processes
Recently, I've followed this tutorial, which detailed how to hide processes from users without root access, by means of setting hidepid=n on /proc/.
After following this tutorial step-by-step, I found that it is mostly effective at preventing a normal user from viewing other running processes(e.g. htop,top,ps).
Bypass
From messing around, I have also found that I can bypass these restrictions on /proc/ by using loginctl provided by systemd.
For example, if I were to run:
loginctl user-status root
I would be able to see all processes that the root user is running(that is if they are logged in)?
Questions
So, my questions remain:
- Why is this allowed?
- How does this work(via direct
daemon)? - Is this a vulnerability
permissions vulnerability
permissions vulnerability
edited Feb 10 at 15:09
ctrl-alt-delor
11.8k42160
asked Feb 7 at 21:13
NerdOfCodeNerdOfCode
12315
edited Feb 10 at 15:09
ctrl-alt-delor
11.8k42160
asked Feb 7 at 21:13
NerdOfCodeNerdOfCode
12315
edited Feb 10 at 15:09
ctrl-alt-delor
11.8k42160
edited Feb 10 at 15:09
ctrl-alt-delor
11.8k42160
edited Feb 10 at 15:09
ctrl-alt-delor
11.8k42160
11.8k42160
asked Feb 7 at 21:13
NerdOfCodeNerdOfCode
12315
asked Feb 7 at 21:13
NerdOfCodeNerdOfCode
12315
asked Feb 7 at 21:13
NerdOfCodeNerdOfCode
12315
12315
1
hidepid doesn't hide other evidence. systemd track its own process cgroup status. I don't think this is a vulnerability because it doesn't allow you access important property of root processes
– 炸鱼薯条德里克
Feb 7 at 21:33
@炸鱼薯条德里克 Why does systemd do this though?
– NerdOfCode
Feb 7 at 21:35
Because it is designed to manage services and sessions using cgroup, which happens to let you see these processes. It's just a harmless side-effect
– 炸鱼薯条德里克
Feb 7 at 21:37
Then what's the point of even settinghidepid?
– NerdOfCode
Feb 7 at 21:56
"it doesn't allow you access important property of root processes " Didn't I I just provide the answer?
– 炸鱼薯条德里克
Feb 7 at 21:58
|
show 4 more comments
1
hidepid doesn't hide other evidence. systemd track its own process cgroup status. I don't think this is a vulnerability because it doesn't allow you access important property of root processes
– 炸鱼薯条德里克
Feb 7 at 21:33
@炸鱼薯条德里克 Why does systemd do this though?
– NerdOfCode
Feb 7 at 21:35
Because it is designed to manage services and sessions using cgroup, which happens to let you see these processes. It's just a harmless side-effect
– 炸鱼薯条德里克
Feb 7 at 21:37
Then what's the point of even settinghidepid?
– NerdOfCode
Feb 7 at 21:56
"it doesn't allow you access important property of root processes " Didn't I I just provide the answer?
– 炸鱼薯条德里克
Feb 7 at 21:58
1
1
hidepid doesn't hide other evidence. systemd track its own process cgroup status. I don't think this is a vulnerability because it doesn't allow you access important property of root processes
– 炸鱼薯条德里克
Feb 7 at 21:33
hidepid doesn't hide other evidence. systemd track its own process cgroup status. I don't think this is a vulnerability because it doesn't allow you access important property of root processes
– 炸鱼薯条德里克
Feb 7 at 21:33
@炸鱼薯条德里克 Why does systemd do this though?
– NerdOfCode
Feb 7 at 21:35
@炸鱼薯条德里克 Why does systemd do this though?
– NerdOfCode
Feb 7 at 21:35
Because it is designed to manage services and sessions using cgroup, which happens to let you see these processes. It's just a harmless side-effect
– 炸鱼薯条德里克
Feb 7 at 21:37
Because it is designed to manage services and sessions using cgroup, which happens to let you see these processes. It's just a harmless side-effect
– 炸鱼薯条德里克
Feb 7 at 21:37
Then what's the point of even setting
hidepid?– NerdOfCode
Feb 7 at 21:56
Then what's the point of even setting
hidepid?– NerdOfCode
Feb 7 at 21:56
"it doesn't allow you access important property of root processes " Didn't I I just provide the answer?
– 炸鱼薯条德里克
Feb 7 at 21:58
"it doesn't allow you access important property of root processes " Didn't I I just provide the answer?
– 炸鱼薯条德里克
Feb 7 at 21:58
|
show 4 more comments
0
active
oldest
votes
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f499364%2fbypassing-hiding-linux-processes%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f499364%2fbypassing-hiding-linux-processes%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
hidepid doesn't hide other evidence. systemd track its own process cgroup status. I don't think this is a vulnerability because it doesn't allow you access important property of root processes
– 炸鱼薯条德里克
Feb 7 at 21:33
@炸鱼薯条德里克 Why does systemd do this though?
– NerdOfCode
Feb 7 at 21:35
Because it is designed to manage services and sessions using cgroup, which happens to let you see these processes. It's just a harmless side-effect
– 炸鱼薯条德里克
Feb 7 at 21:37
Then what's the point of even setting
hidepid?– NerdOfCode
Feb 7 at 21:56
"it doesn't allow you access important property of root processes " Didn't I I just provide the answer?
– 炸鱼薯条德里克
Feb 7 at 21:58