Re: Security by hiding processes

From: José Luis Domingo López (focus-linux@24x7linux.com)
Date: 07/23/02


Date: Tue, 23 Jul 2002 18:57:30 +0200
From: José Luis Domingo López <focus-linux@24x7linux.com>
To: focus-linux@securityfocus.com

On Tuesday, 23 July 2002, at 15:28:45 +0200,
Remco B. Brink wrote:

> Suggestions like restricting access to /proc were named, but there
> were few suggestions on how to properly implement this.
>
Check http://www.grsecurity.org/ for recent linux kernel patches that,
among other things, give you a restricted /proc where users can only see
their own processes.

> Personally I'm a bit sceptic towards this kind of security through
> obscurity, but I am hoping some of the readers of this list might have
> some input on this.
>
I don't think this is security through obscurity, but some kind of least
priviledge/knowlege. Maybe the sole knowledge of other users' runnning
processes (and command line arguments) is not enough to escalate
priviledges or gain unauthorized access, but can give you enough
information to concentrate your attack against certain users or
applications, or ease the cracker's job.

Is like having /etc/security/limits.conf world-readable: won't give you
the ability to take the box down, but if you know which users have no
restrictions on resources, you can focus on them.

Regards,

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Woody (Linux 2.4.19-pre6aa1)



Relevant Pages

  • RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day, he lp the cause
    ... supply of patches (Windows NT4/95/98) these systems should go offline ... Security is always a trade-off. ... This is how Linux and other ... Apache virtually owns the market with more than 60%. ...
    (Full-Disclosure)
  • SecurityFocus Linux Newsletter #39
    ... Subject: SecurityFocus Linux Newsletter #39 ... Need to keep track of the latest vulnerability information? ... vulnerabilities for both security product vendors and corporate security ... NEW PRODUCTS FOR LINUX PLATFORMS ...
    (Focus-Linux)
  • RE: Linux hacked
    ... Subject: Linux hacked ... After you boot up into the OS running from CD, ... >> First let me say I'm a security novice. ... >> been unsuccessful in getting root back. ...
    (Security-Basics)
  • Re: Community responsibility and abuse (2): the case of top-
    ... Without ANY evidence of ANY security problems you try ... PLEASE PROVIDE EVIDENCE OF ANY ... evidence that Linux is anywhere near as insecure as windows. ... Still no "spacific evidence that Linux is anywhere near as insecure as ...
    (alt.linux)
  • Re: testing laptop based on bsd anyone
    ... "A new linux distribution for Wardrivers" ... I wasn't speaking about the relative strengths of security measures within ... As attacks through web applications continue to rise, ... vulnerability management needs. ...
    (Pen-Test)