"James W. Abendschan" writes: >Maybe I'm completely missing the point, but wouldn't this help? > > linux# chown root.kmem /proc > linux# chmod 750 /proc > >And then sgid kmem all the binaries that need /proc access: One of the big reasons for having /proc is to simplify the interface for debuggers. Doing this means setgid dbx/gdb/adb/... Wouldn't it be better to have files in /proc export the owner/group/perm bits of the underlying file (where applicable), with a further restriction that write access follow the semantics of ptrace(2)? Or perhaps have /proc/pid/* use the underlying perms, but restrict /proc/pid/fd/* to being writable only by the current process and the parent as per ptrace(2)? Of course, write access to /proc/pid/mem effectively bypasses any additional restrictions placed on /proc/pid/fd/*. --lyndon