The /proc filesystem
The /proc filesystem contains a directory for every process with a name that matches its process ID (pid). In each directory is a set of files that are used to obtain information about and debug processes, and generate core dumps. Although there are no known security vulnerabilities associated with the default access permissions for these files, they represent a potentially potent means of attack. Because few processes need access to these files, QNX recommends that you use the procnto() options -d 0777 -u 0777 to remove all default access. You can then grant access selectively by allowing the process manager abilities PROCMGR_AID_XPROCESS_QUERY, PROCMGR_AID_XPROCESS_MEM_READ, and PROCMGR_AID_XPROCESS_DEBUG to the appropriate processes.
- procnto in the Utilities Reference
- procmgr_ability() in the C Library Reference