Date: Mon, 1 Mar 2004 16:38:54 +0200
From: "Daniel Ben-Zvi" <acid@tapuz.co.il>
To: "Andy Gilligan" <andy@glbx.net>
Cc: freebsd-security@freebsd.org
Subject: Re: procfs + chmod = no go
Message-ID: <002101c3ff9a$ec47c9c0$0200000a@egzdaniel>
References: <1298.213.224.103.192.1078085673.squirrel@webmail.boxke.be> <xzpvfloiwga.fsf@dwp.des.no> <20040301125053.GA94405@vega.glbx.net>

It should accomplish the same thing, but for some reason (and maybe that's
how it was intended to be) the whole process tree can still be viewed from
/proc. This may be considered a bug but can be easily fixed with a small
kernel patch.

----- Original Message -----
From: "Andy Gilligan" <andy@glbx.net>
To: <freebsd-security@freebsd.org>
Sent: Monday, March 01, 2004 2:50 PM
Subject: Re: procfs + chmod = no go

> On Mon, 1 Mar 2004 at 12:27, Dag-Erling Smørgrav wrote:
> > "Jimmy Scott" <admin@inet-solutions.be> writes:
> > > Is this possible on FreeBSD 4.9 ? Can't find anything about it in the
> > > manual pages. Just want to prevent lusers from running:
> > >
> > > for file in /proc/*/cmdline; do cat $file; echo; done
> >
> > Why? They can get the same information from ps(1) or the kern.proc
> > sysctl tree.
> >
> > (in 5.2, you can set security.bsd.see_other_uid to 0 to prevent users
> > from seeing other users' processes)
>
> Surely kern.ps_showallprocs would accomplish the same thing in 4.x ?
>
> -Andy
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
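
An added check, not part of the original message or thread: run as an unprivileged user, it reports the two sysctl knobs named above and counts processes owned by other uids whose /proc/<pid>/cmdline is still readable, which is the exposure the reply describes. The function names and the two optional arguments (procfs root, uid to treat as "self") are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit whether procfs still exposes other users' command lines.

# Print the visibility knobs mentioned in the thread (absent ones show "n/a").
show_knobs() {
    for k in kern.ps_showallprocs security.bsd.see_other_uid; do
        v=$(sysctl -n "$k" 2>/dev/null || echo "n/a")
        echo "$k = $v"
    done
}

# usage: foreign_cmdlines [proc_root] [my_uid]
# Echoes the number of numeric procfs entries owned by another uid
# whose cmdline file the caller can actually read.
foreign_cmdlines() {
    root=${1:-/proc}
    me=${2:-$(id -u)}
    count=0
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Field 3 of `ls -ldn` is the numeric owner on both BSD and Linux.
        owner=$(ls -ldn "$dir" 2>/dev/null | awk '{print $3}')
        [ -n "$owner" ] || continue          # process exited during the scan
        [ "$owner" = "$me" ] && continue     # own processes are expected to be visible
        # Require a successful read, not just a permission bit.
        if [ -r "$dir/cmdline" ] && cat "$dir/cmdline" >/dev/null 2>&1; then
            count=$((count + 1))
        fi
    done
    echo "$count"
}

show_knobs
echo "other users' readable cmdlines under /proc: $(foreign_cmdlines)"
```

A non-zero count while the relevant sysctl is set to 0 means ps(1) is being filtered but procfs is not.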