Re: limiting the 'ps' command on linux

From: Wojtek Walczak (gminick@hacker.pl)
Date: 03/17/03


From: Wojtek Walczak <gminick@hacker.pl>
Date: Mon, 17 Mar 2003 15:51:39 +0000 (UTC)

Dnia Mon, 17 Mar 2003 11:47:10 +0100, Kasper Dupont napisa³(a):
> That can only be achieved by a kernel patch. And expect to break
> something when you do that. If you want a solution without any
> changes to the kernel simply don't allow users access to /proc.
> Of course removing access to /proc is going to break even more
> than the kernel patch, but you are at least not needing another
> kernel to do it. The simple approach is to umount /proc, but if
> you want root to still have access to the proc filesystem, it
> becomes more complicated. You could create a new directory
>/root/proc and replace /proc with a symlink to /root/proc.
Well, he can also hack libproc library. Changes would apply to
ps, top and so on (but all the informations will be still accessible
by browsing /proc directory).

-- 
[ Wojtek Walczak - gminick (at) underground.org.pl ]
[        <http://gminick.linuxsecurity.pl/>        ]
[ "...rozmaite zwroty, matowe od patyny dawnosci." ]