Re: [cobalt-users] securing "ps"

["Steve Werby" <steve-lists@xxxxxxxxxxxx>]

<flash22@xxxxxxx> wrote:
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, November 16, 2001 12:01 AM
Subject: Re: [cobalt-users] securing "ps"


> On Thu, 15 Nov 2001, Steve Werby wrote:
>
> > "Jonathan M. Slivko" <jslivko@xxxxxxxxxxxx> wrote:
> > > Has anyone here ever successfully secured "ps" on a RaQ4i so it will
only
> > > show the current users proccesses, and not all of the systems
proccesses
> > > when a ps aux is done? Also, are there any good security sites just
> > devoted
> > > to Cobalt's that I should look into for securing my system?
> >
> > I haven't tried, but if I wanted that behavior I'd do something like
this:
> >
> > Move /bin/ps to a new location and give it an obscure name.  Right a
bash
> > script that limits what ps outputs and what flags can be used with it
(if
> > that's another concern) and name it /bin/ps and make it chmod 555 or
> > something else that's appropriate.  A quick hack would be something like
> >
> > #!/bin/sh
> >
> > ps | grep $USER
> >
> > That's not a perfect solution, but it'll get you started.
>
> and as a user i'd just ls /proc ;)
>
> The real way to do this is to restrict access to proc (via mount options,
> that *is* why it's mountable ;), but this will also
> break some things in linux...quite a few in fact ;)
>
> Given that a user can probably make pretty educated guesses about what's
> probably running on a web server , i don't really see why a restricted
> ps is all that much safer than a normal one ;)

Me either.  But that's what the poster wanted...at least before he started
disciplining his brain.  ;-)  Regardless, wrapping programs in a basic shell
will be effective against casual users so if you subscribe to the theory
that more is better than less, whether it's the right way or not may not
matter...

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/