Comment by riddley

7 days ago

I'm guessing I'll get down-voted for this, but what's to stop any browser/executable from trolling through /proc on Linux and knowing about what every process running as you is doing?

Nothing. Notably, programs like Discord do exactly this under the guise of detecting if you are playing a game or not, but I find it hard to believe that Discord can resist the temptation to send back the entire process tree to their servers.

Nothing really. Desktop operating systems are basically grandfathered into the modern world. They have the old-timey approach to application security. That being, applications can access everything on your computer, and there are no fine-grained permission systems.

But, for OSes that we've developed later, we kind of decided that's a problem, and applications are a vector for malware, and "trust" just isn't enough. So Android and iOS did the whole permissions thing.

Now, we've gone back and added some stuff onto desktop operating systems. Of course Linux has containers these days on desktop. Like, I'm running Firefox right now - but Firefox can only access its runtime folders and ~/Downloads. So, if there's a zero day sandbox breach, I won't get data stolen. There's also SELinux and AppArmor and stuff and you can really jump into the deep end with this.

But, we largely view it as unnecessary because we're running open-source software from trusted repositories. We probably shouldn't view it that way.

File mode bits prevent processes not running as root from reading much of the info in /proc.

  • I don’t know… with a stock Linux, the information a user can get from top (via /proc, I assume) is pretty thorough. You can at least get a list of running programs, which by itself could be valuable.
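
An added example, not written by anyone in the thread: a small audit that measures what the last two comments disagree about, namely which per-process files under /proc an unprivileged account can actually read, split by its own processes and other users' processes. It also reports the procfs `hidepid` mount option; the function names, the list of files checked and the sample mounts text are assumptions made for this example.

```python
import os

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS = (
    "sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0\n"
    "proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0\n"
)
# Per-process files whose readability is checked (a choice made for this example).
FILES = ("cmdline", "status", "environ", "maps")


def proc_hidepid(mounts_text, mountpoint="/proc"):
    """Return the proc mount's hidepid value, "0" if unset, None if not mounted."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == mountpoint and fields[2] == "proc":
            for opt in fields[3].split(","):
                if opt.startswith("hidepid="):
                    return opt.split("=", 1)[1]
            return "0"
    return None


def audit_proc(proc_root="/proc", uid=None):
    """Count readable per-process files, split by own vs. other users' processes."""
    uid = os.geteuid() if uid is None else uid
    seen = {"own": dict.fromkeys(FILES, 0), "other": dict.fromkeys(FILES, 0)}
    procs = {"own": 0, "other": 0}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue  # only numeric entries are processes
        piddir = os.path.join(proc_root, name)
        try:
            owner = "own" if os.stat(piddir).st_uid == uid else "other"
        except OSError:
            continue  # process exited during the scan
        procs[owner] += 1
        for fname in FILES:
            try:
                with open(os.path.join(piddir, fname), "rb") as fh:
                    fh.read(1)  # some files fail on read rather than on open
                seen[owner][fname] += 1
            except OSError:
                pass  # permission denied, or the process is gone
    return procs, seen


if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        print("hidepid:", proc_hidepid(fh.read()))
    print(audit_proc())
```

`hidepid` only restricts visibility of other users' processes, so it does not change the "own" counts, which are the same-user exposure the first comment asks about.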