[classic-discuss] Question about "top" on TCS 2.0U1
Dominik Schips
mail-lists at s235.de
Thu Jun 30 06:42:41 UTC 2005
Jaakko Heinonen wrote:
> Hi,
>
> On Wed, Jun 29, 2005 at 21:37:26 +0200, Dominik Schips wrote:
>
>>Now I noticed that if I use top as normal user, I can only see my own
>>processes.
>
>
>>Is this a "new" feature?
>
>
> Yes, it's a grsecurity feature. (You have only grsecurity role based
> access control disabled. There are also other grsecurity features.)
>
> Here is the documentation of the relevant kernel config options:
>
> config GRKERNSEC_PROC
> bool "Proc restrictions"
> help
> If you say Y here, the permissions of the /proc filesystem
> will be altered to enhance system security and privacy. You MUST
> choose either a user only restriction or a user and group restriction.
> Depending upon the option you choose, you can either restrict users to
> see only the processes they themselves run, or choose a group that can
> view all processes and files normally restricted to root if you choose
> the "restrict to user only" option. NOTE: If you're running identd as
> a non-root user, you will have to run it as the group you specify here.
>
> config GRKERNSEC_PROC_USER
> bool "Restrict /proc to user only"
> depends on GRKERNSEC_PROC
> help
> If you say Y here, non-root users will only be able to view their own
> processes, and restricts them from viewing network-related information,
> and viewing kernel symbol and module information.
>
Thank you. I'm not familiar with grsecurity yet. But I should have a
closer look at it. It has nice features.
You did a great job with TCS 2.0U1.
--
Best regards,
Dominik Schips
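
One way to check from an unprivileged account what the "Restrict /proc to user only" option quoted above changes, as an added example that is not part of the original thread or of TCS or grsecurity: it reports which other users' processes the calling user can still read under /proc. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

def foreign_processes(proc_root="/proc", my_uid=None):
    """Return (visible, unreadable): PIDs owned by other users whose status
    file can be read, and PIDs that are listed but cannot be read."""
    if my_uid is None:
        my_uid = os.getuid()
    visible, unreadable = [], []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue  # skip non-process entries such as "net" or "self"
        try:
            with open(os.path.join(proc_root, name, "status")) as fh:
                uid_line = next((l for l in fh if l.startswith("Uid:")), None)
        except (FileNotFoundError, ProcessLookupError):
            continue  # process exited between listdir() and open()
        except PermissionError:
            unreadable.append(int(name))
            continue
        if uid_line is None:
            continue
        # Fields after "Uid:" are real, effective, saved and filesystem UID.
        if int(uid_line.split()[1]) != my_uid:
            visible.append(int(name))
    return sorted(visible), sorted(unreadable)

def make_sample_proc(entries):
    """Build a constructed /proc-like tree from {pid: real_uid} for testing."""
    root = tempfile.mkdtemp()
    for pid, uid in entries.items():
        os.mkdir(os.path.join(root, str(pid)))
        with open(os.path.join(root, str(pid), "status"), "w") as fh:
            fh.write(f"Name:\tsample\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n")
    os.mkdir(os.path.join(root, "net"))  # non-numeric entry, must be ignored
    return root

if __name__ == "__main__":
    visible, unreadable = foreign_processes()
    print(f"other users' processes readable: {len(visible)}")
    print(f"listed but unreadable: {len(unreadable)}")
```

Run as a normal user, an empty first list matches what top showed in the question: only the user's own processes are visible.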