Maxime Henrion wrote:

>         Hello,
>
> I have an idea that I would love to see applied in FreeBSD source code,
> but as I'm not skilled enough to code it, I post it to see if you think
> it makes sense, and if someone would be interested in coding this. It is
> a security measure regarding 'ps' command.
>
> By using the 'ps' command, any user logged in the system can view all
> the running processes, including root's one and processes of other
> users. My idea is to limit a bit this behaviour.
>
> Through a sysctl variable, the root could restrict the list of
> "readable" processes. By readable, I mean that it can be viewed. For
> example, a value of 0 could mean no restriction, 1 would hide root
> processes,  2 would restrict the visible processes to the processes
> owned by users in the same group as the current user, and finally, 3
> would restrict the processes list to those owned by the current user
> (this is the way I'd have done it if I was able to).
>
> Of course, there would be no limitation for the superuser.
>
> The modification must be done at a low enough level so that a user won't
> be able to bypass this security measure by compiling another 'ps' so
> patching 'ps' doesn't suffice (in fact, if it was, I would have done it
> :-).
>
> What do you all think of this?
>
> Best regards,
>
> Maxime Henrion
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message

I think it is fascist, but it's your system.

Have Fun,
Sends Steve

P.S. Known to run with at.deny and cron.deny set to known one with no
trouble.
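
The four levels proposed in the quoted message, sketched as a visibility predicate over a constructed table of process owners. This is an added example, not code from the thread or from FreeBSD; the names `ex_cred`, `can_see`, `visible_count` and the level constants are hypothetical, and letting a user always see their own processes and failing closed on an unknown level are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical names for the four levels of the proposed sysctl. */
enum { SEE_ALL = 0, HIDE_ROOT = 1, SAME_GROUP = 2, SAME_USER = 3 };

/* Simplified stand-in for kernel credentials (hypothetical). */
struct ex_cred { unsigned uid; unsigned groups[4]; size_t ngroups; };

/* Constructed sample process owners: root, alice, bob, carol. */
static const struct ex_cred sample[] = {
    { 0,    { 0 },        1 },
    { 1001, { 1001, 20 }, 2 },
    { 1002, { 1002, 20 }, 2 },
    { 1003, { 1003 },     1 },
};

/* True if the two credentials have at least one group in common. */
static bool share_group(const struct ex_cred *a, const struct ex_cred *b)
{
    for (size_t i = 0; i < a->ngroups; i++)
        for (size_t j = 0; j < b->ngroups; j++)
            if (a->groups[i] == b->groups[j])
                return true;
    return false;
}

/* Decide whether `viewer` may see a process owned by `target`. */
bool can_see(int level, const struct ex_cred *viewer, const struct ex_cred *target)
{
    /* Superuser is exempt (from the proposal); own processes: assumption. */
    if (viewer->uid == 0 || viewer->uid == target->uid)
        return true;
    switch (level) {
    case SEE_ALL:    return true;
    case HIDE_ROOT:  return target->uid != 0;
    case SAME_GROUP: return share_group(viewer, target);
    default:         return false; /* SAME_USER; unknown levels fail closed */
    }
}

/* Count the sample entries visible to `viewer` at `level`. */
size_t visible_count(int level, const struct ex_cred *viewer)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        n += can_see(level, viewer, &sample[i]);
    return n;
}
```

Because the check takes credentials rather than a `ps` invocation, it models a decision made where the process list is produced, which is the "low enough level" the proposal asks for.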


