Proc files visible to all in Lenny, but not in Squeeze

Question

I noticed that in my lenny distributions of debian that the proc files are read all in that any user can see if a process is running. In squeeze I noticed that the proc files are readable just to that user.

For example the root processes are not visible to users in squeeze but they are in lenny. I didn't setup our lenny servers but is there something that was done that caused lenny (either by me predicessor or something actually different in the distribution) to make the procs visible to all?

Note: I took a look at the fstab and they are the same for proc in squeeze and lenny.

It makes a _lot_ of sense not to let just anybody find out what some other user's processes are up to... — vonbrand, Apr 11 '13 at 17:22

score 1 · Accepted Answer · answered Apr 14 '13 at 21:51

So the real answer is this:

The servers that where on squeeze where by a different provider then the lenny ones. As I found out the squeeze ones where compiled with a kernel that included the grsecurity patch which restricts access to /proc to just the that user's processes.

You can add grsecurity as a patch to other linux distributions following this instruciton guide: http://en.wikibooks.org/wiki/Grsecurity

Proc files visible to all in Lenny, but not in Squeeze

1 Answers1