On Tue, Jul 23, 2002 at 03:28:45PM +0200, Remco B. Brink wrote: > during a lively discussion in some Norwegian newsgroups the issue was > raised of increasing security on a Linux server by not allowing users > to view process listings. > > Suggestions like restricting access to /proc were named, but there > were few suggestions on how to properly implement this.
Solar Designer's Openwall patch has some restricted /proc permissions. That portion of the patch is very easy to understand, so extending it to include everything one might want to hide should be very straightforward. > Does hiding process give a false sense of security? For most users, hiding other's processes is pretty pointless. It can sometimes be very nice indeed, if one must pass a password as a command line argument, or if one is concerned with information leaking from one user to another. -- Outlook users: please do not put my email address in your address book. This way, when you get infected with a virus, my address won't appear in the From: header. Thanks.
msg00410/pgp00000.pgp
Description: PGP signature
