Re: Security by hiding processes

From: Seth Arnold (sarnold@wirex.com)
Date: 07/23/02


Date: Tue, 23 Jul 2002 11:01:32 -0700
From: Seth Arnold <sarnold@wirex.com>
To: "Remco B. Brink" <remco@rc6.org>


On Tue, Jul 23, 2002 at 03:28:45PM +0200, Remco B. Brink wrote:
> during a lively discussion in some Norwegian newsgroups the issue was
> raised of increasing security on a Linux server by not allowing users
> to view process listings.
>
> Suggestions like restricting access to /proc were named, but there
> were few suggestions on how to properly implement this.

Solar Designer's Openwall patch has some restricted /proc permissions.
That portion of the patch is very easy to understand, so extending it to
include everything one might want to hide should be very straightforward.

> Does hiding process give a false sense of security?

For most users, hiding other's processes is pretty pointless. It can
sometimes be very nice indeed, if one must pass a password as a command
line argument, or if one is concerned with information leaking from one
user to another.

-- 
Outlook users: please do not put my email address in your address book.
This way, when you get infected with a virus, my address won't appear in
the From: header. Thanks.