From owner-freebsd-isp Mon Aug 21 12:52: 1 2000 Delivered-To: freebsd-isp@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id C66CF37B423 for ; Mon, 21 Aug 2000 12:51:59 -0700 (PDT) Received: by jade.chc-chimes.com (Postfix, from userid 1001) id 3EF941C6C; Mon, 21 Aug 2000 15:51:59 -0400 (EDT) Date: Mon, 21 Aug 2000 15:51:59 -0400 From: Bill Fumerola To: FengYue Cc: Mike , James Housley , freebsd-isp@FreeBSD.ORG Subject: Re: ps question Message-ID: <20000821155159.F65562@jade.chc-chimes.com> References: <4.3.2.7.2.20000821014336.00b81aa0@127.0.0.1> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from fengyue@bluerose.windmoon.nu on Mon, Aug 21, 2000 at 12:53:53PM -0700 X-Operating-System: FreeBSD 3.3-STABLE i386 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Aug 21, 2000 at 12:53:53PM -0700, FengYue wrote: > > What's the use of all those hacks in ps code? People can simply either > access /proc or directly call kvm_* () functions to get a full list of > processes running on the machine, or even simply ftp a ps binary > from another freebsd machine. Exactly. If you don't want users snooping around, installing a watered down ps(1) isn't going to help much. Unmounting /proc may help, not giving users that would abuse an account might help, giving users restricted shells might help, a bullet in the head of people who abuse your system might help, but a watered down ps(1) sadly won't. -- Bill Fumerola - Network Architect, BOFH / Chimes, Inc. billf@chimesnet.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message