[Gllug] Restricting Process Visibility

- Tethys tethys at gmail.com
Wed May 17 14:09:17 UTC 2006


On 5/17/06, Daniel P. Berrange <dan at berrange.com> wrote:

> Yes, it is basically impossible. At very best you can 'obscure' other users'
> processes by wrapping 'ps' & other similar commands, but any mildly clueful
> person could see all they want from /proc. There is no way to remove /proc
> without breaking a boatload of tools.

Agreed. With a bit of work, a shim library could hide stuff in /proc
(and hence hide it from /proc, too). You'd just need to come up with
some means of preventing the user from unsetting LD_PRELOAD (or
otherwise circumventing whatever method you'd devised for loading the
library).

For the purposes of this argument, however, I'd say it's so close to
impossible that it's not worth bothering with. The cost of
implementing it probably outweighs that of just doing it properly in
the first place.

Tet
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug