From: Vlad Galu
To: freebsd-security@freebsd.org
Date: Sun, 29 Feb 2004 22:35:41 +0200
Subject: Re: procfs + chmod = no go

"Jimmy Scott" writes:

|Hello,
|
|I was wondering if it was possible to limit user access on /proc
|without having to use securelevels.
|For some reason chmod 751 /proc (or 750) does nothing.
|
|Is this possible on FreeBSD 4.9? Can't find anything about it in the
|manual pages. Just want to prevent lusers from running:
|
|for file in /proc/*/cmdline; do cat $file; echo; done

I usually mount procfs in a directory that only 'power-users' have
access to. Then symlink /proc to that dir, so the apps that possibly need
procfs and are being run by one of the power-users work.

|Greetz,
|
|Jimmy Scott

----
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
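
The setup described in the reply, written out as an added example that is not part of the original message, followed by a check that the gate directory really denies access to users outside the group. The group name `procusers`, the directory `/var/restricted` and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; procusers and /var/restricted are assumed names.

# Print each step when DRY_RUN is set; otherwise execute it (needs root).
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# restrict_procfs GROUP GATE_DIR
# Mount procfs below GATE_DIR (mode 750, root:GROUP) and point /proc at it.
# Precondition: procfs is not mounted on /proc and /proc is an empty directory.
restrict_procfs() {
    group=$1 gate=$2
    run mkdir -p "$gate/proc" &&
    run chown "root:$group" "$gate" &&
    run chmod 750 "$gate" &&                   # nothing for "other"
    run rmdir /proc &&                         # make room for the symlink
    run mount -t procfs proc "$gate/proc" &&   # FreeBSD procfs mount syntax
    run ln -s "$gate/proc" /proc
}

# proc_gate_ok LINK
# Succeed only if LINK is a symlink and the directory holding its target
# grants no permission bits to "other", so non-members cannot traverse it.
# Assumes the symlink target is an absolute path.
proc_gate_ok() {
    link=$1
    [ -L "$link" ] || return 1
    target=$(readlink "$link") || return 1
    gate=$(dirname "$target")
    # Characters 8-10 of the ls mode string are the "other" rwx bits.
    other=$(ls -ld "$gate" 2>/dev/null | cut -c8-10)
    [ "$other" = "---" ]
}

# Typical use, as root:
#   restrict_procfs procusers /var/restricted && proc_gate_ok /proc
# Preview the steps without changing anything:
#   DRY_RUN=1 restrict_procfs procusers /var/restricted
```

If `/proc` is left as a plain mount point, or the gate directory is mode 751 or 755, `proc_gate_ok` fails, which makes it usable as a periodic audit check.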