Re: procfs + chmod = no go

From: Daniel Ben-Zvi (acid_at_tapuz.co.il)
Date: 03/01/04

  • Next message: Konstantinos Fotiadis: "General Security Issues"
    To: "Andy Gilligan" <andy@glbx.net>
    Date: Mon, 1 Mar 2004 16:38:54 +0200
    
    

    It should accomplish the same thing,
    but for some reason (and maybe that's how it was intended to be) the whole
    process tree can still be viewed from /proc

    This may be considered a bug but can be easily fixed with a small kernel
    patch.

    ----- Original Message -----
    From: "Andy Gilligan" <andy@glbx.net>
    To: <freebsd-security@freebsd.org>
    Sent: Monday, March 01, 2004 2:50 PM
    Subject: Re: procfs + chmod = no go

    > On Mon, 1 Mar 2004 at 12:27, Dag-Erling Smørgrav wrote:
    > > "Jimmy Scott" <admin@inet-solutions.be> writes:
    > > > Is this possible on FreeBSD 4.9 ? Can't find anything about it in the
    > > > manual pages. Just want to prevent lusers from running:
    > > >
    > > > for file in /proc/*/cmdline; do cat $file; echo; done
    > >
    > > Why? They can get the same information from ps(1) or the kern.proc
    > > sysctl tree.
    > >
    > > (in 5.2, you can set security.bsd.see_other_uid to 0 to prevent users
    > > from seeing other users' processes)
    >
    > Surely kern.ps_showallprocs would accomplish the same thing in 4.x ?
    >
    > -Andy
    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    >
