Re: Security by hiding processesFrom: José Luis Domingo López (email@example.com)
- Previous message: Brian Hatch: "Re: Security by hiding processes"
- In reply to: Remco B. Brink: "Security by hiding processes"
- Next in thread: Skip Carter: "Re: Security by hiding processes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 23 Jul 2002 18:57:30 +0200 From: José Luis Domingo López <firstname.lastname@example.org> To: email@example.com
On Tuesday, 23 July 2002, at 15:28:45 +0200,
Remco B. Brink wrote:
> Suggestions like restricting access to /proc were named, but there
> were few suggestions on how to properly implement this.
Check http://www.grsecurity.org/ for recent linux kernel patches that,
among other things, give you a restricted /proc where users can only see
their own processes.
> Personally I'm a bit sceptic towards this kind of security through
> obscurity, but I am hoping some of the readers of this list might have
> some input on this.
I don't think this is security through obscurity, but some kind of least
priviledge/knowlege. Maybe the sole knowledge of other users' runnning
processes (and command line arguments) is not enough to escalate
priviledges or gain unauthorized access, but can give you enough
information to concentrate your attack against certain users or
applications, or ease the cracker's job.
Is like having /etc/security/limits.conf world-readable: won't give you
the ability to take the box down, but if you know which users have no
restrictions on resources, you can focus on them.
-- Jose Luis Domingo Lopez Linux Registered User #189436 Debian Linux Woody (Linux 2.4.19-pre6aa1)