A good implementation of real (and good!) kernel level seperation of
users/processes/etc.. is Pitbull LX by argus-systems.
http://www.argus-systems.com/product/overview/lx/2.shtml
"PitBull LX's unique Secure Application Environment (SAE) protects against
security flaws in application software by
On Tue, 23 Jul 2002, ellipse wrote:
> A multi-user system should not, in my opinion, have a /proc filesystem
> at all.
/proc is good. It is useful for the superuser or management software. It
is useful for users, so they can monitor their own resources. It also
provides a nice interface to do ce
Check out the linux patches @ http://grsecurity.net
quite handy.
--kyleo
On Tue, 23 Jul 2002 [EMAIL PROTECTED] wrote:
> "Remco B. Brink" wrote:
> >
> > Hi,
> >
> > during a lively discussion in some Norwegian newsgroups the issue was
> > raised of increasing security on a Linux server by not a
> during a lively discussion in some Norwegian newsgroups the issue was
> raised of increasing security on a Linux server by not allowing users
> to view process listings.
>
> Suggestions like restricting access to /proc were named, but there
> were few suggestions on how to properly implement thi
On Tue, Jul 23, 2002 at 03:28:45PM +0200, Remco B. Brink wrote:
> during a lively discussion in some Norwegian newsgroups the issue was
> raised of increasing security on a Linux server by not allowing users
> to view process listings.
>
> Suggestions like restricting access to /proc were named,
Hello,
> Suggestions like restricting access to /proc were named, but there
> were few suggestions on how to properly implement this.
>
> Personally I'm a bit sceptic towards this kind of security through
> obscurity, but I am hoping some of the readers of this list might have
> some input on t
On Tuesday, 23 July 2002, at 15:28:45 +0200,
Remco B. Brink wrote:
> Suggestions like restricting access to /proc were named, but there
> were few suggestions on how to properly implement this.
>
Check http://www.grsecurity.org/ for recent linux kernel patches that,
among other things, give you
> Suggestions like restricting access to /proc were named, but there
> were few suggestions on how to properly implement this.
A Linux kernel module is the best way to go if you want to
be able to hide only specific processes. If you prefer to
have more of a 'you can only see your own processe
"Remco B. Brink" wrote:
>
> Hi,
>
> during a lively discussion in some Norwegian newsgroups the issue was
> raised of increasing security on a Linux server by not allowing users
> to view process listings.
>
> Suggestions like restricting access to /proc were named, but there
> were few suggest
