> during a lively discussion in some Norwegian newsgroups the issue was > raised of increasing security on a Linux server by not allowing users > to view process listings. > > Suggestions like restricting access to /proc were named, but there > were few suggestions on how to properly implement this.
It's my conviction that an application that requires the /proc file system is, by default, broken. There have been problems with the /proc file system implementations of various unix operating systems, and I suspect there will be in the future. A multi-user system should not, in my opinion, have a /proc filesystem at all. > Personally I'm a bit sceptic towards this kind of security through > obscurity, but I am hoping some of the readers of this list might have > some input on this. > > Does hiding process give a false sense of security? Is it worth the > effort? What problems can one run into by for example restricting > access to /proc? Are there better ways to hide process information > from users? This is not obscurity. Information leakage is a valid vulnerability. Anything that by default gives sensitive information to users that probably shouldn't have it is, by default, broken. This is why we often change the banners, and edit source to eliminate the overly nosey. By limiting the amount of information untrusted users can gather, we limit the vectors of entry for an attack. Cheers, ellipse
