Mailinglist Archive: opensuse (2372 mails)
Re: [SLE] Why is /proc world readable
- From: Cliff Sarginson <cliff@xxxxxxxxxxxxxxx>
- Date: Mon, 22 Jan 2001 08:34:01 GMT
- Message-id: <E14KcQL-000HAY-00@xxxxxxxxxxxxxxxxxxxxxx>
> > I removed world read/execute permissions from /proc and I can't see
> > that it broke anything, so far.
> >
> > Why is /proc world readable by default? I don't want shell users
> > snooping around in there.
>
> Er, why not? What are you hoping to stop them seeing? The /proc
> directory is there for programs, especially scripts, to see what the
> system is doing. All the world readable information in there would be
> available via the system API at the C level anyway, so you haven't
> closed what you perceive to be a security hole.
>
> The stuff in /proc which shouldn't be seen by regular users is protected
> by read/write permissions already: try looking at the contents of a
> directory which represents a process you don't own.
>
> I would suggest you put it back. There's not much that uses /proc that
> you might use on a day to day basis, but you're going to hit some pretty
> weird errors sooner or later.
ps uses it..
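
The quoted reply says the sensitive per-process entries under /proc are already protected by their permission bits. The shell function below is an added example, not part of the original thread: for processes owned by someone else, it lists the files whose mode still grants read access to "other". The function name `proc_other_readable` and its two arguments are assumptions of this example, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: audit which per-process /proc files are readable by "other".
# Arguments (hypothetical, chosen for this example):
#   $1  proc root to scan (default: /proc)
#   $2  UID treated as "me" (default: current UID)
# Reports mode bits only; the kernel may apply further checks at read time.
# Usage: proc_other_readable            # scan the live /proc
proc_other_readable() {
    root=${1:-/proc}
    me=${2:-$(id -u)}
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # A process can exit between the glob and the stat; skip it if so.
        owner=$(stat -c %u "$dir" 2>/dev/null) || continue
        # Only look at processes we do not own.
        [ "$owner" = "$me" ] && continue
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            mode=$(stat -c %a "$f" 2>/dev/null) || continue
            # The last octal digit is the "other" class; values 4-7 include read.
            other=${mode#"${mode%?}"}
            case $other in
                4|5|6|7) printf '%s %s\n' "$mode" "$f" ;;
            esac
        done
    done
}
```

Each output line is the octal mode followed by the path, so entries such as an owner-only file never appear in the report.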