List: focus-sun
Subject: Re: privacy procs
From: Konrad Rieck <rieck () INF ! FU-BERLIN ! DE>
Date: 2000-03-28 20:20:44
On Tue, 28 Mar 2000, Andy De Petter wrote:
> Hi,
>
> On Linux you have a kernel patch called OpenWall Project
> (http://www.openwall.com). It has the possibility to restrict the ps
> -ef output of ordinary users.
>
> If a user does ps -ef he can't see more than his own processes.
>
> Is there a possibility to do this on Solaris? I have taken a look at
> RBAC in Solaris 8, but that's more like giving normal users more
> privileges to the system, and not less. Also the restricted shell in
> Solaris 8, doesn't have the capabilities of doing such.
Under Solaris there are two possibilities to gain information about the
current state of processes, either by reading the /proc entries or by
accessing the structured proc inside the kernel.
Most tools don't have access to kernel memory, therefore they use the /proc
directory to read out structs such as psinfo, ...
The /proc directory is controlled by the (two?) kernel modules procfs and
proc. In order to restrict or modify the read permissions of files inside
the /proc directory, it is necessary to work inside the kernel memory.
Other solutions may help but do not fix the problem at its root :).
Only a kernel module might be able to completely restrict the proc system.
I am trying to implement the above mechanisms into a simple security kernel
module in the coming weeks.
If I succeed, I am going to post the module to the list and share the
source with you.
regards,
Konrad Rieck
http://www.inf.fu-berlin.de/~rieck