[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

/proc permissions patch



Hi

I would like to correct something I wrote here a while ago, regarding one
of the modifications which are part of Mandrake's "Secure" kernel:

in the kernel config menu, under "security", you can disable some of those
features. Anyway, the one I refer to is the option CONFIG_SECURE_PROC ,
which limits the permissions to /proc.

It turns out I didn't read the description well enough. The modification
does allow members of a certain group to view all other processes. This
group is 0 by default, but can be modified with the 'gid' mount option of
/proc .

One thing though: After editing /etc/fstab I first tried 'mount -o remount
/proc' . The output of 'mount' showed that the new gid parameter was used,
but my user could not browse /proc
I had to unmount and mount /proc in order for the change to take effect.

Hope you find this useful.

-- 
Tzafrir Cohen
mailto:tzafrir@technion.ac.il
http://www.technion.ac.il/~tzafrir



=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il