On Thu, Sep 09, 1999, Mike Pritchard wrote:
> I used to work somewhere where we didn't wany any of the users
> to know anything about any other groups of users processes.
> We did this by restricting ps to only show other procs that
> had the same primary group as the person executing ps.
> Root and group wheel (or some equivalent) could always see
> all running procs. You could always go hunting through the
> file systems, but their own directory permissions were their problem,
> not ours.
It would be trivial, in FreeBSD. Simply hack a few lines of
VFS code in procfs to change permissions from
(S_IRUSR | S_IRGRP | S_IROTH | S_IXUSR | S_IXGRP | S_IXOTH)
to
(S_IRUSR | S_IRGRP | S_IXUSR | S_IXGRP)
^^^^^^^ ^^^^^^^
Optional; if you don't want people in the same group
seeing processes, do not use these permissions.
I haven't looked into it, but it should be rather trivial, if
such security is important.
> -Mike
> --
> Mike Pritchard
> m...@freebsd.org or m...@mpp.pro-ns.net
>
>
> To Unsubscribe: send mail to majord...@freebsd.org
> with "unsubscribe freebsd-hackers" in the body of the message
--
|Chris Costello <ch...@calldei.com>
|Feet Smell? Nose Run? Hey, you're upside down!
`-------------------------------------------------
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the body of the message
