From owner-freebsd-current Sun Feb 21 9:28:37 1999
Date: Sun, 21 Feb 1999 18:34:22 +0100 (CET)
From: Andrzej Bialecki
To: Lyndon Nerenberg
Cc: Nate Williams, "Dan - Sr. Admin", freebsd-current@FreeBSD.ORG
Subject: Re: paranoid patches

On Thu, 18 Feb 1999, Lyndon Nerenberg wrote:

>
> > > Basically, it is a patch into libkvm and w, that will allow a user (with
> > > the exception to the super user, naturally) to only view processes or
> > > information belonging to him/herself.
>
> > The only problem with this is setuid binaries. The processes may have
> > been started by me (top, etc..), but this wouldn't allow me to monitor
> > the process once it's started.
>
> And, anything that can read /dev/[k]mem is free to bypass libkvm and just
> grovel around in the kernel memory space, anyway.

Not only that - you would need to disable other holes as well, which has
been done on purpose. Think of /procfs and sysctl kern.proc..something.

Andrzej Bialecki

--------------------   ++-------++  -------------------------------------
                       ||PicoBSD||  FreeBSD in your pocket? Go and see:
Research & Academic    |+-------+|  "Small & Embedded FreeBSD"
Network in Poland      | |TT~~~| |  http://www.freebsd.org/~picobsd/
--------------------   ~-+==---+-+  -------------------------------------