Re: Security by hiding processes

From: José Luis Domingo López (focus-linux@24x7linux.com)
Date: 07/23/02


Date: Tue, 23 Jul 2002 18:57:30 +0200
From: José Luis Domingo López <focus-linux@24x7linux.com>
To: focus-linux@securityfocus.com

On Tuesday, 23 July 2002, at 15:28:45 +0200,
Remco B. Brink wrote:

> Suggestions like restricting access to /proc were named, but there
> were few suggestions on how to properly implement this.
>
Check http://www.grsecurity.org/ for recent Linux kernel patches that,
among other things, give you a restricted /proc where users can only see
their own processes.

> Personally I'm a bit sceptical towards this kind of security through
> obscurity, but I am hoping some of the readers of this list might have
> some input on this.
>
I don't think this is security through obscurity, but some kind of least
privilege/knowledge. Maybe the sole knowledge of other users' running
processes (and command line arguments) is not enough to escalate
privileges or gain unauthorized access, but can give you enough
information to concentrate your attack against certain users or
applications, or ease the cracker's job.

It is like having /etc/security/limits.conf world-readable: it won't give you
the ability to take the box down, but if you know which users have no
restrictions on resources, you can focus on them.

Regards,

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Woody (Linux 2.4.19-pre6aa1)
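
The exposure discussed in this message can be measured from an unprivileged account. The following is an added example, not part of the original post and not grsecurity code: it lists other users' processes whose command lines the current account can read under /proc. The function names and the `SECRET_HINTS` list are constructed for illustration.

```python
import os

# Constructed heuristic: argument prefixes that often carry credentials.
SECRET_HINTS = ("--password", "--passwd", "--token", "--secret")

def read_uid(status_path):
    """Return the real UID from the 'Uid:' line of /proc/<pid>/status."""
    with open(status_path) as fh:
        for line in fh:
            if line.startswith("Uid:"):
                return int(line.split()[1])
    raise ValueError("no Uid line in " + status_path)

def visible_foreign_processes(proc_root="/proc", my_uid=None):
    """List (pid, uid, argv) for processes of other users whose
    command line this account can read."""
    my_uid = os.getuid() if my_uid is None else my_uid
    found = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue  # skip non-process entries such as 'self' or 'meminfo'
        base = os.path.join(proc_root, name)
        try:
            uid = read_uid(os.path.join(base, "status"))
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                raw = fh.read()
        except (OSError, ValueError):
            continue  # hidden, unreadable, or the process exited meanwhile
        if uid == my_uid:
            continue
        argv = [a.decode(errors="replace") for a in raw.split(b"\0") if a]
        if argv:  # kernel threads have an empty cmdline
            found.append((int(name), uid, argv))
    return sorted(found)

def secret_like_args(argv):
    """Arguments after argv[0] that match the constructed hint list."""
    return [a for a in argv[1:] if a.startswith(SECRET_HINTS)]

if __name__ == "__main__":
    for pid, uid, argv in visible_foreign_processes():
        flag = "  <-- check arguments" if secret_like_args(argv) else ""
        print(f"pid={pid} uid={uid} {' '.join(argv)}{flag}")
```

Run as an ordinary user: on a /proc restricted so that users see only their own processes, the script prints nothing.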