Re: limiting "ps" command on every user..
Yo can take a look at http://www.rsbac.de/. This software give you a secured
linux environment and provides a patch to the kernel (called hypersec), that
adds more security to the kernel. One option is /proc protection.
There is arround there a lot of other patches providing similiar functionality,
you only have to download the patch and apply it to the kernel.
I've often wondered why the kernel doesn't have this feature as a compile
time option. Certain other OSes allow this feature (primarily those which
need military security ratings).
I don't think the wrapper idea is a very secure one, because anyone can simply
read the information from /proc. What realy needs to be done is to have an
option to the /proc filesystem kernel module (perhaps it exists now, but it
didn't last time I looked, so forgive me if my info is out of date).
_________________________________________________________
Josep Llauradó Selvas darlock@tinet.org
Linux Registered User #153481
KeyFP: D82F 525C DD22 02C9 6909 20D6 F622 F3E8 18CD C548
The only "intuitive" interface is the nipple.
After that, it's all learned.
(in comp.os.linux.misc, on X interfaces.)
_________________________________________________________
Reply to: