On Tuesday, 23 July 2002, at 15:28:45 +0200, Remco B. Brink wrote:

> Suggestions like restricting access to /proc were named, but there
> were few suggestions on how to properly implement this.

Check http://www.grsecurity.org/ for recent Linux kernel patches that, among other things, give you a restricted /proc where users can only see their own processes.

> Personally I'm a bit sceptical towards this kind of security through
> obscurity, but I am hoping some of the readers of this list might have
> some input on this.

I don't think this is security through obscurity, but some kind of least privilege/knowledge. Maybe the sole knowledge of other users' running processes (and command line arguments) is not enough to escalate privileges or gain unauthorized access, but it can give you enough information to concentrate your attack against certain users or applications, or ease the cracker's job. It is like having /etc/security/limits.conf world-readable: it won't give you the ability to take the box down, but if you know which users have no restrictions on resources, you can focus on them.

Regards,

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436
Debian Linux Woody (Linux 2.4.19-pre6aa1)
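Added example, not part of the original message or of the grsecurity patches: a small audit to run as an unprivileged user, listing processes owned by other users whose command line is still readable through /proc. On a /proc restricted as described above it should report nothing. The function name and the `proc_root` and `my_uid` parameters are assumptions made for this illustration.

```python
import os


def visible_foreign_processes(proc_root="/proc", my_uid=None):
    """Return sorted [(pid, owner_uid, cmdline)] for processes that belong
    to other users but whose command line this user can still read."""
    if my_uid is None:
        my_uid = os.getuid()
    found = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue  # skip non-process entries such as "self" or "meminfo"
        pid_dir = os.path.join(proc_root, name)
        try:
            owner = os.stat(pid_dir).st_uid
            if owner == my_uid:
                continue  # our own processes are always visible to us
            with open(os.path.join(pid_dir, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:
            # The process exited in the meantime, or access was denied.
            continue
        if not raw:
            continue  # kernel threads and zombies expose no arguments
        # Arguments in /proc/<pid>/cmdline are separated by NUL bytes.
        args = [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]
        found.append((int(name), owner, " ".join(args)))
    return sorted(found)


if __name__ == "__main__":
    hits = visible_foreign_processes()
    for pid, uid, cmd in hits:
        print(f"pid={pid} uid={uid} cmd={cmd}")
    print(f"{len(hits)} process(es) of other users visible")
```

Run it from an ordinary account rather than as root, since root sees every process regardless of the restriction.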