From: "H. Hartzer" <h@hartzer.sh>
Subject: Re: sysctl to hide processes of a different UID
To: <tech@openbsd.org>
Date: Sat, 09 Aug 2025 14:57:53 +0000

On Sat Apr 12, 2025, H. Hartzer wrote:
> Hi tech@,
>
> The ability to prevent process snooping across users is included
> in Linux (/proc hidepid mount option), FreeBSD
> (sysctl security.bsd.see_other_uids), and NetBSD
> (sysctl security.curtain).
>
>
> If an account were compromised, an adversary might watch process
> output for a variety of reasons. I feel like this might be useful
> to some on OpenBSD. The code to support it appears pretty light.
>
> I've found three patches for this, but it seems like crickets on
> all of them. Maybe one, or a similar one, could be considered for
> adoption?
>
> https://web.archive.org/web/20220314132353/https://imaginatif.org/u/fbriere/kern_hide.diff.txt
>
> https://marc.info/?l=openbsd-tech&m=158006027808962&w=2
>
> https://marc.info/?l=openbsd-tech&m=168831770811638&w=2
>
> Thanks!
>
> -Henrich

Hi again,

I hadn't seen any replies so thought I'd give this a bump.

Thanks!

-Henrich