Re: Security by hiding processes

From: Skip Carter (
Date: 07/23/02

To: (Remco B. Brink)
Date: Tue, 23 Jul 2002 10:11:32 -0700
From: Skip Carter <>


> Suggestions like restricting access to /proc were named, but there
> were few suggestions on how to properly implement this.
> Personally I'm a bit sceptic towards this kind of security through
> obscurity, but I am hoping some of the readers of this list might have
> some input on this.
> Does hiding process give a false sense of security? Is it worth the
> effort? What problems can one run into by for example restricting
> access to /proc? Are there better ways to hide process information
> from users?
> Any input is well appreciated.

I have some experience with having /proc hidden through the use of chrooted
login environments.
Hiding /proc is trivial in a chroot environment, just do nothing when you
create the environment
-- you have to take some extra effort to make it available (by mounting it in
the chroot).

The problem with this is that some applications need to see what is in /proc
in order to work
properly. This may or not be a problem, depending upon what you are trying to
in your chroot space and what you want to allow to run there. Obvious
applications are
'ps' and related programs, but other applications use /proc as well (I
discovered that
Cocoon2 does this, so a chrooted web server that uses Cocoon2 needs to mount

In my opinion, the bottom line is that its not too hard to set up an
environment that cannot
see /proc, but its not always practical and shouldn't be relied upon in order
maintain security.


 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET:
 1340 Munras Ave., Suite 314    WWW:
 Monterey, CA. 93940