From owner-freebsd-hackers Mon Aug 14 4:57:48 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from critter.freebsd.dk (beachchick.freebsd.dk [212.242.32.208]) by hub.freebsd.org (Postfix) with ESMTP id 91E0837B9B0 for ; Mon, 14 Aug 2000 04:57:44 -0700 (PDT) (envelope-from phk@critter.freebsd.dk) Received: from critter (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.3) with ESMTP id GAA42048; Mon, 14 Aug 2000 06:49:05 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Maxime Henrion Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: limit processes that a user can 'see' In-Reply-To: Your message of "Sun, 13 Aug 2000 23:03:05 +0200." <39970D08.4BA72541@qualys.com> Date: Mon, 14 Aug 2000 06:49:05 +0200 Message-ID: <42046.966228545@critter> From: Poul-Henning Kamp Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <39970D08.4BA72541@qualys.com>, Maxime Henrion writes: > Hello, > >I have an idea that I would love to see applied in FreeBSD source code, >but as I'm not skilled enough to code it, I post it to see if you think >it makes sense, and if someone would be interested in coding this. It is >a security measure regarding 'ps' command. > >By using the 'ps' command, any user logged in the system can view all >the running processes, including root's one and processes of other >users. My idea is to limit a bit this behaviour. You can possibly make jail(8) do this for you... -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD coreteam member | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message