procfs + chmod = no go
Vlad Galu
dudu at diaspar.rdsnet.ro
Sun Feb 29 12:35:48 PST 2004
"Jimmy Scott" <admin at inet-solutions.be> writes:
|Hello,
|
|I was wondering if it was possible to limit user access on /proc
|without having to use securelevels.
|For some reason chmod 751 /proc (or 750) does nothing.
|
|Is this possible on FreeBSD 4.9 ? Can't find anything about it in the
|manual pages. Just want to prevent lusers from running:
|
|for file in /proc/*/cmdline; do cat $file; echo; done
I usually mount procfs in a directory where only 'power-users' have
access to. Then symlink /proc to that dir, so the apps that possibly
need procfs and are being run by one of the power-users work.
|
|
|Greetz,
|
|
|Jimmy Scott
|_______________________________________________
|freebsd-security at freebsd.org mailing list
|http://lists.freebsd.org/mailman/listinfo/freebsd-security
|To unsubscribe, send any mail to
|"freebsd-security-unsubscribe at freebsd.org"
|
|
|!DSPAM:40424861309032038777972!
|
|
----
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20040229/4be36053/attachment.bin
More information about the freebsd-security
mailing list