Re: Disabling netstat
On Mon, Apr 21, 2003 at 01:53:48AM +0200, Cristian Ionescu-Idbohrn wrote:
> On Sun, 20 Apr 2003, Brian McGroarty wrote:
>
> > I'd like to disable netstat and similar programs for my shell
> > users.
>
> Could this be an alternative solution?
>
> # dpkg-statoverride --update --add root root 700 /bin/netstat
The problem is that netstat sources its information from
world-readable sources in /proc, so people could still build their own
netstat or parse /proc on their own.
So far as I can tell, there's no non-hackish way to accomplish what
I'd like. I have to either hold a file open to make chmod changes stay
in effect in /proc, or I have to patch the kernel.
This sure seems kind of silly... why add all these things into Big
Giant Namespace and not honor all of the conventions of the same? I
think /proc/* not supporting chmod changes for the duration of a
system's uptime could be classified as a bug or a major design
flaw. :/
Reply to: