
List:       focus-sun
Subject:    Re: privacy procs
From:       Konrad Rieck <rieck () INF ! FU-BERLIN ! DE>
Date:       2000-03-28 20:20:44

On Tue, 28 Mar 2000, Andy De Petter wrote:

> Hi,
>
> On Linux you have a kernel patch called OpenWall Project
> (http://www.openwall.com).  It has the possibility to restrict the ps
> -ef output of ordinary users.
>
> If a user does ps -ef he can't see more than his own processes.
>
> Is there a possibility to do this on Solaris?  I have taken a look at
> RBAC in Solaris 8, but that's more like giving normal users more
> privileges to the system, and not less.  Also the restricted shell in
> Solaris 8, doesn't have the capabilities of doing such.

Under Solaris there are two possibilities to gain information about the
current state of processes: either by reading the /proc entries or by
accessing the proc structures inside the kernel.
Most tools don't have access to kernel memory, therefore they use the /proc
directory to read out structs such as psinfo, ...

The /proc directory is controlled by the (two?) kernel modules procfs and
proc. In order to restrict or modify the read permissions of files inside
the /proc directory, it is necessary to work inside the kernel memory.
Other solutions may help but do not fix the problem at its root :).

Only a kernel module might be able to completely restrict the proc system.
I am trying to implement the above mechanisms in a simple security kernel
module in the coming weeks.

If I succeed, I am going to post the module to the list and share the
source with you.

regards,
Konrad Rieck
http://www.inf.fu-berlin.de/~rieck
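As an added illustration of the point made above (not code from the thread or from any Solaris tool): a ps-like program reads the leading fields of each /proc/<pid>/psinfo struct and may filter by uid itself, but that filter is a courtesy in the tool, not enforcement, since the files stay readable. The psinfo_t field order and 32-bit integer sizes are assumed from sys/procfs.h; the sample images are constructed, so the script runs offline.

```python
import os
import struct
from collections import namedtuple

# Assumed layout of the leading fields of Solaris psinfo_t (sys/procfs.h):
# ten 32-bit integers: pr_flag, pr_nlwp, pr_pid, pr_ppid, pr_pgid, pr_sid,
# pr_uid, pr_euid, pr_gid, pr_egid.  Later fields (pr_fname, pr_psargs, ...)
# are not decoded here.  The file is a raw kernel struct in host byte order.
PSINFO_HEAD = struct.Struct("@10i")
PsinfoHead = namedtuple("PsinfoHead",
                        "flag nlwp pid ppid pgid sid uid euid gid egid")


def parse_psinfo_head(blob):
    """Decode the leading integer fields of one psinfo image."""
    if len(blob) < PSINFO_HEAD.size:
        raise ValueError("psinfo image too short")
    return PsinfoHead(*PSINFO_HEAD.unpack_from(blob))


def make_psinfo(pid, ppid, uid, gid, nlwp=1):
    """Build a constructed psinfo head for offline use (not a real capture)."""
    return PSINFO_HEAD.pack(0, nlwp, pid, ppid, pid, pid, uid, uid, gid, gid)


def visible_to(entries, caller_uid):
    """The policy the thread asks for: a non-root caller sees only processes
    with its own real uid; root (uid 0) sees everything.  This check lives in
    the tool: whoever opens /proc/<pid>/psinfo directly still reads every
    entry, which is why the post argues for doing it in a kernel module."""
    return [e for e in entries if caller_uid == 0 or e.uid == caller_uid]


def read_psinfo_dir(proc_root="/proc"):
    """On a Solaris host, read every psinfo the caller is allowed to open."""
    entries = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, name, "psinfo"), "rb") as fh:
                entries.append(parse_psinfo_head(fh.read(PSINFO_HEAD.size)))
        except (OSError, ValueError):
            continue  # process exited, or not a Solaris-style psinfo file
    return entries


# Constructed sample: two root processes, two for uid 1001, one for uid 1002.
SAMPLE = [make_psinfo(1, 0, 0, 0), make_psinfo(200, 1, 0, 0),
          make_psinfo(4321, 1, 1001, 100), make_psinfo(4400, 4321, 1001, 100),
          make_psinfo(5000, 1, 1002, 100)]


def sample_entries():
    """Parse the constructed sample images into PsinfoHead records."""
    return [parse_psinfo_head(b) for b in SAMPLE]


if __name__ == "__main__":
    for p in visible_to(sample_entries(), 1001):
        print(p.pid, p.ppid, p.uid)
```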
