diff -ur linux-2.6.21.5/fs/proc/base.c linux-2.6.21.5-privacy/fs/proc/base.c
--- linux-2.6.21.5/fs/proc/base.c	2007-06-11 19:37:06.000000000 +0100
+++ linux-2.6.21.5-privacy/fs/proc/base.c	2007-07-20 11:57:10.000000000 +0100
@@ -1048,14 +1048,16 @@
 {
 	struct inode *inode = dentry->d_inode;
 	struct task_struct *task;
+	struct task_struct *tmp = current;
 	generic_fillattr(inode, stat);
 
 	rcu_read_lock();
 	stat->uid = 0;
 	stat->gid = 0;
 	task = pid_task(proc_pid(inode), PIDTYPE_PID);
-	if (task) {
+	if (task && (!tmp->uid || (tmp->uid == task->uid))) {
 		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
+		    (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
 		    task_dumpable(task)) {
 			stat->uid = task->euid;
 			stat->gid = task->egid;
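Review bot: The new test `(!tmp->uid || (tmp->uid == task->uid))` decides privilege by the caller's real uid and matches real uids, while the ownership reported two lines later is `task->euid`/`task->egid`. A caller with real uid 0 that has dropped its capabilities is treated as privileged, and a caller running with an effective uid of 0 but a non-zero real uid is not. Consider a capability check such as `capable(CAP_SYS_PTRACE)` in place of `!tmp->uid`, and pick one identity (real or effective) for both the comparison and the reported owner, with a comment saying why. The same uid test appears in the readdir hunk (`if (tmp->uid && (task->uid != tmp->uid))`). `tmp` adds nothing over using `current` directly. The function starts and ends outside this hunk.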
@@ -1088,6 +1090,7 @@
 	struct task_struct *task = get_proc_task(inode);
 	if (task) {
 		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
+		    (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
 		    task_dumpable(task)) {
 			inode->i_uid = task->euid;
 			inode->i_gid = task->egid;
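Review bot: The directory mode `S_IFDIR|S_IRUSR|S_IXUSR` is now written out in three places: the comparison in the first hunk, the comparison here, and the assignment `inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;` in the next hunk. The ownership logic only holds while all three stay identical. Define it once, for example `#define PROC_TGID_DIR_MODE (S_IFDIR|S_IRUSR|S_IXUSR)` (name is a suggestion), and use it at all three sites. The older `S_IRUGO|S_IXUGO` comparison should get a short comment saying which directories still use that mode. The enclosing function starts and ends outside this hunk.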
@@ -1979,7 +1982,7 @@
 	if (!inode)
 		goto out;
 
-	inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
+	inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
 	inode->i_op = &proc_tgid_base_inode_operations;
 	inode->i_fop = &proc_tgid_base_operations;
 	inode->i_flags|=S_IMMUTABLE;
@@ -2078,6 +2081,7 @@
 {
 	unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY;
 	struct task_struct *reaper = get_proc_task(filp->f_path.dentry->d_inode);
+	struct task_struct *tmp = current;
 	struct task_struct *task;
 	int tgid;
 
@@ -2095,6 +2099,8 @@
 	     task;
 	     put_task_struct(task), task = next_tgid(tgid + 1)) {
 		tgid = task->pid;
+		if (tmp->uid && (task->uid != tmp->uid))
+			continue;
 		filp->f_pos = tgid + TGID_OFFSET;
 		if (proc_pid_fill_cache(filp, dirent, filldir, task, tgid) < 0) {
 			put_task_struct(task);
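Review bot: The `continue` added here filters only what a directory listing of /proc returns. Nothing in this diff touches the by-name lookup of a PID directory, so a caller can presumably still stat a specific /proc/<pid> and learn that the process exists, even though the 0500 mode keeps the contents closed. If hiding existence is the goal, the lookup path needs the same check and should fail as if the entry were absent; that function is not visible here, so this should be confirmed against the full file. A one-line comment above the test, such as `/* hide other users' processes from unprivileged readers */`, would make the intent clear. The loop and its function begin outside this hunk.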
diff -ur linux-2.6.21.5/fs/proc/root.c linux-2.6.21.5-privacy/fs/proc/root.c
--- linux-2.6.21.5/fs/proc/root.c	2007-06-11 19:37:06.000000000 +0100
+++ linux-2.6.21.5-privacy/fs/proc/root.c	2007-07-20 12:00:55.000000000 +0100
@@ -61,7 +61,7 @@
 		return;
 	}
 	proc_misc_init();
-	proc_net = proc_mkdir("net", NULL);
+	proc_net = proc_mkdir_mode("net", S_IRUSR | S_IXUSR, NULL);
 	proc_net_stat = proc_mkdir("net/stat", NULL);
 
 #ifdef CONFIG_SYSVIPC
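Review bot: No comment explains why `proc_net` is created with `S_IRUSR | S_IXUSR`, and the same applies to `proc_bus` in the next hunk. With these modes only the owner can traverse the directories, so unprivileged tools that read files under /proc/net or /proc/bus will start failing; this is presumably intended but should be stated. Add a comment above each call, for example `/* owner-only: keep network and bus details from unprivileged users */`. `proc_net_stat` on the following line keeps its default mode and is protected only by the parent directory's permissions, which is worth noting in the same comment.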
@@ -78,7 +78,7 @@
 #ifdef CONFIG_PROC_DEVICETREE
 	proc_device_tree_init();
 #endif
-	proc_bus = proc_mkdir("bus", NULL);
+	proc_bus = proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL);
 	proc_sys_init();
 }
 
diff -ur linux-2.6.21.5/kernel/configs.c linux-2.6.21.5-privacy/kernel/configs.c
--- linux-2.6.21.5/kernel/configs.c	2007-06-11 19:37:06.000000000 +0100
+++ linux-2.6.21.5-privacy/kernel/configs.c	2007-07-20 12:02:59.000000000 +0100
@@ -88,7 +88,7 @@
 	struct proc_dir_entry *entry;
 
 	/* create the current config file */
-	entry = create_proc_entry("config.gz", S_IFREG | S_IRUGO,
+	entry = create_proc_entry("config.gz", S_IFREG | S_IRUSR,
 				  &proc_root);
 	if (!entry)
 		return -ENOMEM;
diff -ur linux-2.6.21.5/kernel/kallsyms.c linux-2.6.21.5-privacy/kernel/kallsyms.c
--- linux-2.6.21.5/kernel/kallsyms.c	2007-06-11 19:37:06.000000000 +0100
+++ linux-2.6.21.5-privacy/kernel/kallsyms.c	2007-07-20 12:03:37.000000000 +0100
@@ -444,7 +444,7 @@
 {
 	struct proc_dir_entry *entry;
 
-	entry = create_proc_entry("kallsyms", 0444, NULL);
+	entry = create_proc_entry("kallsyms", S_IFREG | S_IRUSR, NULL);
 	if (entry)
 		entry->proc_fops = &kallsyms_operations;
 	return 0;
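Review bot: Changing the mode to `S_IFREG | S_IRUSR` closes only this one file, and the patch does not say which other sources of kernel addresses it means to cover. /proc/modules, for instance, is not touched anywhere in this diff. If the aim is to keep kernel symbol addresses from unprivileged users, add a comment here stating the intent, such as `/* owner-only: symbol addresses are not for unprivileged users */`, and list the remaining sources in the patch description so the gap is visible. The function starts outside this hunk.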
diff -ur linux-2.6.21.5/kernel/resource.c linux-2.6.21.5-privacy/kernel/resource.c
--- linux-2.6.21.5/kernel/resource.c	2007-06-11 19:37:06.000000000 +0100
+++ linux-2.6.21.5-privacy/kernel/resource.c	2007-07-20 12:04:31.000000000 +0100
@@ -133,10 +133,10 @@
 {
 	struct proc_dir_entry *entry;
 
-	entry = create_proc_entry("ioports", 0, NULL);
+	entry = create_proc_entry("ioports", S_IRUSR, NULL);
 	if (entry)
 		entry->proc_fops = &proc_ioports_operations;
-	entry = create_proc_entry("iomem", 0, NULL);
+	entry = create_proc_entry("iomem", S_IRUSR, NULL);
 	if (entry)
 		entry->proc_fops = &proc_iomem_operations;
 	return 0;
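Review bot: Both calls here pass a bare `S_IRUSR`, while the kallsyms.c and configs.c hunks in the same patch spell the mode as `S_IFREG | S_IRUSR`. The bare form relies on `create_proc_entry` filling in the file type, which is not visible in this diff. Write `create_proc_entry("ioports", S_IFREG | S_IRUSR, NULL);` and `create_proc_entry("iomem", S_IFREG | S_IRUSR, NULL);` so the three files read the same way and the result does not depend on that default. The function starts outside this hunk.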

