
Re: Debian-Harden



On Tue, May 15, 2001 at 10:52:44AM -0400, Michael Stone wrote:
> On Tue, May 15, 2001 at 08:43:33AM +0200, bounce-debian-devel=mstone=cs.loyola.edu@lists.debian.org wrote:
> > There are some commands on the system which are similarly usable for root and
> > user. Think of ps: everyone on a Linux system is able to run "ps aux", so
> > all processes of the host are shown.
> > I think it is fully enough to let a user only run "ps -a", for example,
> > to see their own processes.
> 
> That level of information hiding is out of scope for a general unix
> system.

Some other Unixen restrict users **in the kernel** to only view info on
their own processes, unless root id.
Which means ps is a setuid root executable, to allow viewing all processes.
If it isn't setuid, users can't view that info any more.

I would think changing the owner/perms on the pid area of /proc should be a
relatively straightforward kernel hack.


