Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] /proc
  • From: <mgribov@xxxxxxxxx>
  • Date: Thu, 3 Aug 2000 11:58:46 -0400
  • Message-id: <00a701bffd63$b75bce60$25804fa0@xxxxxxxxx>
>I am surprised you can even chmod something inside there :)

hmmm...
so knowing this now, I am wondering, what part of linux would have to be
re-weritten to alter /proc's structure permanently? Like my own permissions
which will always be there, after reboot or otherwise. And I am not talking
about putting a few lines into boot.local : )

----- Original Message -----
From: Lenz Grimmer <grimmer@xxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Thursday, August 03, 2000 11:48 AM
Subject: Re: [suse-security] /proc


> Hi,
>
> On Thu, 3 Aug 2000 mgribov@xxxxxxxxx wrote:
>
> > as one of security meausures, I learned that it is a good idea to do
chmod
> > 550 /proc/sys and chmod 550 /proc/net.
> > First question I have, is this true? It seems right, because ordinary
users
> > cannot view network or system information, which is not a bad thing.
> > Second question is, I implemented the above, but after a reboot
permisions
> > were back to standard ( I believe 555). How come?
>
> The /proc filesystem is not a normal directory on your hard disk, it is
> just "mapped" into the directory structure. It is a very dynamic
> structure - I am surprised you can even chmod something inside there :)
>
> If you want to chmod this file every time you reboot, you should add the
> chmod command to the init script /sbin/init.d/boot.local. However, I am
> not sure about the benefit...
>
> Bye,
> LenZ
> --
> ------------------------------------------------------------------
> Lenz Grimmer SuSE GmbH
> mailto:grimmer@xxxxxxx Schanzaeckerstr. 10
> http://www.suse.de/~grimmer/ 90443 Nuernberg, Germany
> Poker Face: The face that launched a thousand chips.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx


< Previous Next >
References