procfs + chmod = no go
Andy Gilligan
andy at glbx.net
Mon Mar 1 04:50:58 PST 2004
On Mon, 1 Mar 2004 at 12:27, Dag-Erling Smørgrav wrote:
> "Jimmy Scott" <admin at inet-solutions.be> writes:
> > Is this possible on FreeBSD 4.9 ? Can't find anything about it in the
> > manual pages. Just want to prevent lusers from running:
> >
> > for file in /proc/*/cmdline; do cat $file; echo; done
>
> Why? They can get the same information from ps(1) or the kern.proc
> sysctl tree.
>
> (in 5.2, you can set security.bsd.see_other_uid to 0 to prevent users
> from seeing other users' processes)
Surely kern.ps_showallprocs would accomplish the same thing in 4.x ?
-Andy
More information about the freebsd-security
mailing list