From: "Daniel Ben-Zvi"
To: "Andy Gilligan"
cc: freebsd-security@freebsd.org
Date: Mon, 1 Mar 2004 16:38:54 +0200
Subject: Re: procfs + chmod = no go

It should accomplish the same thing, but for some reason (and maybe that's how it was intended to be) the whole process tree can still be viewed from /proc. This may be considered a bug but can be easily fixed with a small kernel patch.

----- Original Message -----
From: "Andy Gilligan"
To:
Sent: Monday, March 01, 2004 2:50 PM
Subject: Re: procfs + chmod = no go

> On Mon, 1 Mar 2004 at 12:27, Dag-Erling Smørgrav wrote:
> > "Jimmy Scott" writes:
> > > Is this possible on FreeBSD 4.9 ? Can't find anything about it in the
> > > manual pages. Just want to prevent lusers from running:
> > >
> > > for file in /proc/*/cmdline; do cat $file; echo; done
> >
> > Why? They can get the same information from ps(1) or the kern.proc
> > sysctl tree.
> >
> > (in 5.2, you can set security.bsd.see_other_uid to 0 to prevent users
> > from seeing other users' processes)
>
> Surely kern.ps_showallprocs would accomplish the same thing in 4.x ?
>
> -Andy
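
An administrator's check for the behaviour discussed in this thread, added here as an example and not posted by any participant: run as an unprivileged user, it lists the PIDs under /proc that belong to other uids and whose cmdline file is still readable. The function name `foreign_cmdlines` is hypothetical, and the script assumes procfs presents each process directory as owned by the uid of the process.

```shell
#!/bin/sh
# Added example, not from the thread. Run it as an ordinary user after
# changing kern.ps_showallprocs (4.x) or security.bsd.see_other_uid (5.2)
# to confirm whether procfs still exposes other users' command lines.

# foreign_cmdlines PROCROOT MYUID
# Prints one PID per line for every numeric directory under PROCROOT that is
# owned by a uid other than MYUID and has a cmdline file the caller can read.
# Assumption: the directory owner is the uid of the process.
foreign_cmdlines() {
    procroot=$1
    myuid=$2
    for dir in "$procroot"/[0-9]*; do
        # Skip an unmatched glob and processes that exited meanwhile.
        if [ ! -d "$dir" ]; then
            continue
        fi
        # "ls -n" prints the numeric owner uid in field 3 on BSD and GNU.
        owner=$(ls -ldn "$dir" 2>/dev/null | awk '{print $3}')
        if [ -z "$owner" ] || [ "$owner" = "$myuid" ]; then
            continue
        fi
        if [ -r "$dir/cmdline" ]; then
            echo "${dir##*/}"
        fi
    done
    return 0
}

# Empty output means no other user's cmdline is readable through procfs.
foreign_cmdlines /proc "$(id -u)"
```

If this still prints PIDs while ps(1) run by the same user shows only that user's processes, the setting is not being applied to procfs, which is the situation described in the reply above.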