Date: Fri, 12 Oct 2012 09:59:15 -0300 From: schultz@ime.usp.br To: freebsd-questions@freebsd.org Subject: Sysctls and privacy Message-ID: <20121012095915.470864k9735iy883@webmail.ime.usp.br>
next in thread | raw e-mail | index | archive | help
In my system I use separate user accounts for running untrusted programs at the moment. While many will probably argue that jails are a superior solution, in my specific case its the inverse. I know FreeBSD is not ready by default to have multiple untrusted users in the system, at least from a security viewpoint. I have done quite a bit of changes to make the situation better. However, there is something bugging me. Some sysctls apparently expose too much information about the system. Some examples: the number of context switches, the number of forks, the total used memory (at the byte level), the total used space for each file system (at the byte level) and even a graph of how my GEOM devices are organized! I know some programs like gkrellm need this information to function, but on the other hand, I feel pretty uncomfortable with the information presented by gkrellm being logged. It's at the very least a loss of privacy. So, I would like to ask for a way to disable user access to all sysctls that are not needed by basic user programs (shell, terminal, etc). Also, if possible, I would like to have a group of users to whom these sysctls are accessible as an exception (to run gkrellm). Thanks for your time.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121012095915.470864k9735iy883>