On Mon, Apr 21, 2003 at 01:53:48AM +0200, Cristian Ionescu-Idbohrn wrote:
> On Sun, 20 Apr 2003, Brian McGroarty wrote:
>
> > I'd like to disable netstat and similar programs for my shell
> > users.
>
> Could this be an alternative solution?
>
> # dpkg-statoverride --update --add root root 700 /bin/netstat

The problem is that netstat sources its information from world-readable sources in /proc, so people could still build their own netstat or parse /proc on their own.

So far as I can tell, there's no non-hackish way to accomplish what I'd like. I have to either hold a file open to make chmod changes stay in effect in /proc, or I have to patch the kernel.

This sure seems kind of silly... why add all these things into Big Giant Namespace and not honor all of the conventions of the same? I think /proc/* not supporting chmod changes for the duration of a system's uptime could be classified as a bug or a major design flaw. :/
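
Added example, not part of the original message: a small audit an administrator could run to see whether restricting the netstat binary actually closes the exposure described above, by comparing the binary's mode with the mode of the socket tables under /proc/net. The function names and the table list are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Function names and TABLES are choices made here, not from the thread.
# Socket tables that netstat-style tools read (constructed list, not exhaustive).
TABLES="tcp tcp6 udp udp6 raw raw6 unix"

# world_readable FILE: succeeds when the "other" read bit is set on FILE.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# world_executable FILE: succeeds when the "other" execute bit is set on FILE.
world_executable() {
    [ -n "$(find "$1" -prune -perm -001 2>/dev/null)" ]
}

# exposed_tables PROC_ROOT: prints one path per world-readable socket table.
exposed_tables() {
    for t in $TABLES; do
        f="$1/net/$t"
        if [ -e "$f" ] && world_readable "$f"; then
            echo "$f"
        fi
    done
}

# lockdown_status BINARY [PROC_ROOT]: prints one verdict word.
#   open         the binary is still world-executable
#   ineffective  the binary is restricted, but its data source is world-readable
#   effective    the binary is restricted and no table is world-readable
# The verdict reflects mode bits at check time only.
lockdown_status() {
    bin=$1
    root=${2:-/proc}
    if world_executable "$bin"; then
        echo open
        return
    fi
    if [ -n "$(exposed_tables "$root")" ]; then
        echo ineffective
    else
        echo effective
    fi
}

# Run against the live system only when a binary path is given as an argument.
[ "$#" -eq 0 ] || lockdown_status "$@"
```

Invoked as `sh audit.sh /bin/netstat` (the script name is hypothetical), it prints the verdict for the live system; `exposed_tables /proc` lists the tables that remain readable.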

