Re: Debian-Harden

To: debian-devel@lists.debian.org
Subject: Re: Debian-Harden
From: Michael Stone <mstone@debian.org>
Date: Tue, 15 May 2001 10:52:44 -0400
Message-id: <[🔎] 20010515105244.E15731@justice.loyola.edu>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20010515084333.A619@billgotchy.de>; from bounce-debian-devel=mstone=cs.loyola.edu@lists.debian.org on Tue, May 15, 2001 at 08:43:33AM +0200
References: <[🔎] 20010515084333.A619@billgotchy.de>

On Tue, May 15, 2001 at 08:43:33AM +0200, bounce-debian-devel=mstone=cs.loyola.edu@lists.debian.org wrote:
> There are some commands on System, which are similar useable for root and
> user. Think of ps, everyone on an linux-system is able to run "ps aux", so
> it is shown all processes of the host.
> I think, it it fully enaough, to let an user only make ps -a", for example,
> to see the own processes.

That level of information hiding is out of scope for a general unix
system. It does exist, but not in the standard linux kernel. Changing ps
to hide information is futile, as someone could bring their own ps.

> Nmap for example have flags, which are only usable as root, like -sX
> (XMas- Scan). 

nmap does not do the enforcement of those flags, the kernel does. (I.e.,
nmap doesn't have the privilage to make the custom packets required for
those scans unless run as a privilaged user.)

-- 
Mike Stone

Reply to:

Follow-Ups:
- Re: Debian-Harden
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Debian-Harden
  - From: phil@bolthole.com

References:
- Debian-Harden
  - From: <list@lists.debian.org>

Prev by Date: Debian-Harden
Next by Date: Re: woody release task needs help: package priorities
Previous by thread: Debian-Harden
Next by thread: Re: Debian-Harden
Index(es):
- Date
- Thread