Bug 203541 - Restricting hardware information from users other than root
Summary: Restricting hardware information from users other than root
Status: NEW
Alias: None
Product: Other
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 normal
Assignee: other_other
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-07 19:34 UTC by john.pseudonym1
Modified: 2019-05-07 19:34 UTC
0 users

See Also:
Kernel Version: 4.9.0-9
Subsystem:
Regression: No
Bisected commit-id:


Attachments

Description john.pseudonym1 2019-05-07 19:34:10 UTC
Hi, 

As part of the hardening of an anonymity-focused operating system called Whonix, we would like to restrict the hardware information from users other than root to prevent the possibility of this being an identifier.

We would do this by changing permissions of files like /proc/cpuinfo, /bin/lspci and some files in /sys so only root can access them.

How would this affect the OS? Would it have any negative effects or errors and would it be possible to include restricted permissions by default so every installation would have this? If it won't cause errors, of course.

Also, is there any way of restricting the hardware information from even root so an attacker that gains root privileges cannot get the hardware information?

Best regards.
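
An added example, not part of the original report: a read-only audit that shows whether the paths named in the description are currently accessible to the "other" permission class, useful for comparing a system before and after a permission change. The function names `other_perms` and `audit_hw_paths` are hypothetical, and the script checks only the mode bits (not ACLs or mount options).

```shell
#!/bin/sh
# Added example: report which hardware-information paths are accessible to
# users outside the owner and group. It reads mode bits and changes nothing.

# Paths named in the report; append the /sys entries you care about.
HW_PATHS="/proc/cpuinfo /bin/lspci"

# Print the "other" permission triplet (for example "r--") of a path,
# following symlinks. Fails if the path does not exist.
other_perms() {
    [ -e "$1" ] || return 1
    # Characters 8-10 of the ls mode string are the "other" class.
    ls -ldL -- "$1" | cut -c8-10
}

# Classify each argument as EXPOSED (any access for "other"), RESTRICTED
# or MISSING. Returns 0 only when no path is exposed.
audit_hw_paths() {
    exposed=0
    for p in "$@"; do
        if perms=$(other_perms "$p"); then
            case $perms in
                ---) echo "RESTRICTED $p" ;;
                *)   echo "EXPOSED $p other=$perms"; exposed=1 ;;
            esac
        else
            echo "MISSING $p"
        fi
    done
    return "$exposed"
}

# Audit the default list; the exit status is ignored here so the script
# can be sourced or extended without aborting.
audit_hw_paths $HW_PATHS || true
```
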