From owner-freebsd-isp Tue Aug 22 13:42:12 2000 Delivered-To: freebsd-isp@freebsd.org Received: from saturn.mikesweb.com (saturn.mikesweb.com [216.91.66.1]) by hub.freebsd.org (Postfix) with SMTP id 36B5D37B440 for ; Tue, 22 Aug 2000 13:42:08 -0700 (PDT) Received: (qmail 69676 invoked from network); 22 Aug 2000 20:42:06 -0000 Received: from delta.mikesweb.com (HELO SUN.mikesweb.com) (@216.91.66.252) by saturn.mikesweb.com with SMTP; 22 Aug 2000 20:42:06 -0000 Message-Id: <4.3.2.7.2.20000822163954.00b2b530@127.0.0.1> X-Sender: sturdee/mail.mikesweb.com@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Tue, 22 Aug 2000 16:40:58 -0400 To: Paul Saab From: Mike Subject: Re: ps question Cc: freebsd-isp@FreeBSD.ORG In-Reply-To: <20000822103932.A62542@elvis.mu.org> References: <20000821155159.F65562@jade.chc-chimes.com> <4.3.2.7.2.20000821014336.00b81aa0@127.0.0.1> <20000821155159.F65562@jade.chc-chimes.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Actually, I disallowed the use of sysctl for everyone except root.. At 10:39 AM 8/22/2000 -0700, Paul Saab wrote: >Bill Fumerola (billf@chimesnet.com) wrote: > > On Mon, Aug 21, 2000 at 12:53:53PM -0700, FengYue wrote: > > > > > > What's the use of all those hacks in ps code? People can simply either > > > access /proc or directly call kvm_* () functions to get a full list of > > > processes running on the machine, or even simply ftp a ps binary > > > from another freebsd machine. > > > > Exactly. If you don't want users snooping around, installing a watered > > down ps(1) isn't going to help much. > > > > Unmounting /proc may help, not giving users that would abuse an account > > might help, giving users restricted shells might help, a bullet in the > > head of people who abuse your system might help, but a watered down ps(1) > > sadly won't. > >Not only that, you still have access to the sysctl as any user to pull >all the processes, so a watered down ps isn't going to help, but this >patch will.. :) > >If I get some time, I can do somethign similar for procfs. > >paul To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message