
Re: Disabling netstat



Brian McGroarty wrote:

This sure seems kind of silly... why add all these things into Big
Giant Namespace and not honor all of the conventions of the same? I
think /proc/* not supporting chmod changes for the duration of a
system's uptime could be classified as a bug or a major design
flaw. :/

I say it's the 2nd. It was never the idea in Linux to limit the basic system tools to a few users only. Of course it is possible. Perhaps it would be a good idea to implement such security in one of the next kernel versions.
Many kernel hackers will call it security by obscurity.
With a correct installation and setup there is no problem when normal users can get information out of procfs. Especially disabling netstat with procfs is not the best idea. There are possibilities to get much information without procfs. I am thinking of utilities like nmap.


