Re: Security by hiding processes
From: Skip Carter (firstname.lastname@example.org)
To: email@example.com (Remco B. Brink)
Date: Tue, 23 Jul 2002 10:11:32 -0700
From: Skip Carter <firstname.lastname@example.org>
> Suggestions like restricting access to /proc were named, but there
> were few suggestions on how to properly implement this.
> Personally I'm a bit sceptical towards this kind of security through
> obscurity, but I am hoping some of the readers of this list might have
> some input on this.
> Does hiding processes give a false sense of security? Is it worth the
> effort? What problems can one run into by for example restricting
> access to /proc? Are there better ways to hide process information
> from users?
> Any input is well appreciated.
I have some experience with having /proc hidden through the use of chrooted
Hiding /proc is trivial in a chroot environment, just do nothing when you
create the environment
-- you have to take some extra effort to make it available (by mounting it in
The problem with this is that some applications need to see what is in /proc
in order to work
properly. This may or may not be a problem, depending upon what you are trying to
in your chroot space and what you want to allow to run there. Obvious
'ps' and related programs, but other applications use /proc as well (I
Cocoon2 does this, so a chrooted web server that uses Cocoon2 needs to mount
In my opinion, the bottom line is that it's not too hard to set up an
environment that cannot
see /proc, but it's not always practical and shouldn't be relied upon in order
--
Dr. Everett (Skip) Carter    Phone: 831-641-0645 FAX: 831-641-0647
Taygeta Scientific Inc.      INTERNET: email@example.com
1340 Munras Ave., Suite 314  WWW: http://www.taygeta.com
Monterey, CA. 93940
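
One way to check, from outside the chroot, whether a given chroot tree has /proc mounted in it, as discussed in the reply above. This is an added example, not part of the original message: the function reads a mount table in /proc/mounts format, and the jail paths and sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which chroot trees have procfs mounted inside them.

# Constructed sample mount table in /proc/mounts format
# (device mountpoint fstype options dump pass). The jail paths are made up.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/sda2 /srv/jail/ftp ext3 rw 0 0
proc /srv/jail/web/proc proc rw 0 0
proc /srv/jail/my\040app/proc proc rw 0 0
EOF
}

# chroot_has_proc ROOT [MOUNTS_FILE]
# Returns 0 if a filesystem of type "proc" is mounted at ROOT/proc, else non-zero.
# Run it on the host: a chroot without /proc has no /proc/mounts to read.
chroot_has_proc() {
    root=${1%/}    # drop one trailing slash, so "/" becomes "" and matches /proc
    WANT="$root/proc" awk '
        # Mount points are written with octal escapes; this handles the
        # space, tab and newline escapes.
        function unescape(s) {
            gsub(/\\040/, " ", s)
            gsub(/\\011/, "\t", s)
            gsub(/\\012/, "\n", s)
            return s
        }
        $3 == "proc" && unescape($2) == ENVIRON["WANT"] { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "${2:-/proc/mounts}"
}

# Demo over the constructed table.
tmp=$(mktemp) && sample_mounts > "$tmp"
for jail in /srv/jail/ftp /srv/jail/web "/srv/jail/my app"; do
    if chroot_has_proc "$jail" "$tmp"; then
        echo "$jail: /proc is mounted (process information readable inside)"
    else
        echo "$jail: no /proc (ps and other /proc-dependent programs will fail)"
    fi
done
rm -f "$tmp"
```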