From owner-freebsd-hackers Fri Dec 14 10:31: 3 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 9D7DA37B405 for ; Fri, 14 Dec 2001 10:30:50 -0800 (PST) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.5) with SMTP id fBEIUei90063; Fri, 14 Dec 2001 13:30:40 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Fri, 14 Dec 2001 13:30:40 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: Rafter Man Cc: freebsd-hackers@FreeBSD.org Subject: Re: New feutures........... In-Reply-To: <20011214150349.3305.qmail@linuxmail.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Can't address many of these, but will address one. On Fri, 14 Dec 2001, Rafter Man wrote: > Hi FreeBSD lovers :-) > > First af all I would like to thank the FreeBSD developers for making > such a great system! Half a year ago, I had to choose an OS for my > server and the first decision was between Windows and Unix, ofcourse it > didn't take much research to determine that Unix were the better choice. > But now I had to choose from Linux, Solaris and one of the BSD's, and > one of the BSD's is was. After a little reseach I had nerroed it down to > OpenBSD and FreeBSD, and FreeBSD won me over :-) But enough of this, on > to the 2 requests: 1. Is there a way to hide a user from other users? > Fx programs like w, who, users, netstat, top, ps all show what other > users are doing. It would fx be a good idea to hide root or the admin's > activities from other users. If you are trying to catch a cracker, then > you know that he/she if not stupid enough to login while other users > (especial root) are online. But perhaps this feuture to hide a user > already exists? -STABLE has this facility to a limited degree: you can use jail, or via the sysctl kern.ps_showallprocs. -CURRENT has a much more complete solution here, due to some re-architecting of the way credentials are handled, and has a series of kernel security policy tweaks, including a related kern.security.bsd.see_other_uids sysctl, which also affects the ability to see sockets in netstat, etc. FreeBSD 5.0, depending on the release schedule and how much work we get done, will have some amount of support for several mandatory access control models. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message