Re: Security by hiding processesFrom: Seth Arnold (email@example.com)
- Previous message: Skip Carter: "Re: Security by hiding processes"
- In reply to: Remco B. Brink: "Security by hiding processes"
- Next in thread: ellipse: "Re: Security by hiding processes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 23 Jul 2002 11:01:32 -0700 From: Seth Arnold <firstname.lastname@example.org> To: "Remco B. Brink" <email@example.com>
On Tue, Jul 23, 2002 at 03:28:45PM +0200, Remco B. Brink wrote:
> during a lively discussion in some Norwegian newsgroups the issue was
> raised of increasing security on a Linux server by not allowing users
> to view process listings.
> Suggestions like restricting access to /proc were named, but there
> were few suggestions on how to properly implement this.
Solar Designer's Openwall patch has some restricted /proc permissions.
That portion of the patch is very easy to understand, so extending it to
include everything one might want to hide should be very straightforward.
> Does hiding process give a false sense of security?
For most users, hiding other's processes is pretty pointless. It can
sometimes be very nice indeed, if one must pass a password as a command
line argument, or if one is concerned with information leaking from one
user to another.
-- Outlook users: please do not put my email address in your address book. This way, when you get infected with a virus, my address won't appear in the From: header. Thanks.
- application/pgp-signature attachment: stored