From owner-freebsd-security Fri Sep 27 4:32:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 95B3237B401 for ; Fri, 27 Sep 2002 04:32:16 -0700 (PDT) Received: from mail.crypton.pl (ns.crypton.pl [195.216.109.11]) by mx1.FreeBSD.org (Postfix) with SMTP id B6DD443E6A for ; Fri, 27 Sep 2002 04:32:12 -0700 (PDT) (envelope-from mailman@mail.crypton.pl) Received: (qmail 71510 invoked by uid 1017); 27 Sep 2002 11:32:00 -0000 Date: Fri, 27 Sep 2002 13:32:00 +0200 From: Nomad To: freebsd-security@freebsd.org Subject: kern.ps_showallprocs and procfs Message-ID: <20020927113200.GB71234@killer.crypton.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline User-Agent: Mutt/1.4i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello Our's FreeBSD have nice possibility of hiding process informations of other users just by setting kern.ps_showallprocs=0. But there is one bad thing about it. For what we using it, when anybody can read all informations from /proc filesystem. And, as everybody knows, this filesystem contain information on ALL processes in system. So I was trying to protect this information by permissions manipulations but without possitive results. The only workaround is to umnount /proc and hash it in /etc/fstab, but I think it's not good idea to resolve this in only in that way. If somebody has some good solution to this problem: I'am ready to read about it. I working on FreeBSD 4.6.2-RELEASE and 4.7-RC. -- Nomad [%% When you dance with the devil %%] [%% the devil don't change. %%] [%% The devil changes you. %%] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message