I am surprised you can even chmod something inside there :)
hmmm... so knowing this now, I am wondering, what part of linux would have to be re-weritten to alter /proc's structure permanently? Like my own permissions which will always be there, after reboot or otherwise. And I am not talking about putting a few lines into boot.local : ) ----- Original Message ----- From: Lenz Grimmer <grimmer@suse.de> To: <suse-security@suse.com> Sent: Thursday, August 03, 2000 11:48 AM Subject: Re: [suse-security] /proc
Hi,
On Thu, 3 Aug 2000 mgribov@kplab.com wrote:
as one of security meausures, I learned that it is a good idea to do chmod 550 /proc/sys and chmod 550 /proc/net. First question I have, is this true? It seems right, because ordinary users cannot view network or system information, which is not a bad thing. Second question is, I implemented the above, but after a reboot permisions were back to standard ( I believe 555). How come?
The /proc filesystem is not a normal directory on your hard disk, it is just "mapped" into the directory structure. It is a very dynamic structure - I am surprised you can even chmod something inside there :)
If you want to chmod this file every time you reboot, you should add the chmod command to the init script /sbin/init.d/boot.local. However, I am not sure about the benefit...
Bye, LenZ -- ------------------------------------------------------------------ Lenz Grimmer SuSE GmbH mailto:grimmer@suse.de Schanzaeckerstr. 10 http://www.suse.de/~grimmer/ 90443 Nuernberg, Germany Poker Face: The face that launched a thousand chips.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com