
Hiding a process's executable from itself

Posted Jan 23, 2023 18:50 UTC (Mon) by gscrivano (subscriber, #74830)
In reply to: Hiding a process's executable from itself by jepler
Parent article: Hiding a process's executable from itself

They are already protected by the following check:

static const char *
proc_map_files_get_link(struct dentry *dentry,
                        struct inode *inode,
                        struct delayed_call *done)
{
        if (!checkpoint_restore_ns_capable(&init_user_ns))
                return ERR_PTR(-EPERM);

        return proc_pid_get_link(dentry, inode, done);
}

where checkpoint_restore_ns_capable is defined as:

static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns)
{
        return ns_capable(ns, CAP_CHECKPOINT_RESTORE) ||
               ns_capable(ns, CAP_SYS_ADMIN);
}

So you must either have CAP_SYS_ADMIN in the initial user namespace, or have CAP_CHECKPOINT_RESTORE in the user namespace.

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds