Subject: Re: Hiding processes from other users
To: None <tech-kern@NetBSD.org>
From: Rui Paulo <phlox-netbsd-kern@fnop.net>
List: tech-kern
Date: 10/15/2004 20:34:03
On 2004.10.15 22:17:47 +0000, Jari Kuittinen wrote:
> Is it possible to hide all processes from users except their own ones? 
> 
> It's possible at least on Leenux and FreeBSD. In Linux it's done with
> third party kernel patches (like grsec) and FreeBSD seems to have
> builtin support for it (on fbsd 5.x it's only needed to set
> security.bsd.see_other_uids and security.bsd.see_other_gids to 0 with
> sysctl).
> At least it's possible with systrace, but imo it's a pretty clumsy solution
> for this :)

In NetBSD that's not yet possible, although I made an incomplete
patch:
http://news.gw.com/netbsd.tech.security/2673/1/unnamed
But this is far from complete (you need to add suser() to the uid
compare check and after that w(1) needs to be changed).

Regards.
-- 
Rui Paulo                          "Simplicity is the ultimate sophistication."
                                      -- Leonardo da Vinci
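
An added example, not part of the original message and not the linked patch: a userland C model of the visibility check discussed above, showing why a bare uid compare also hides processes from root until a superuser exemption is added. The structures, the `see_other_uids` flag (named after the FreeBSD sysctl mentioned in the quoted text), the helper names and the process table are all constructed for illustration and are not kernel code.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>

/* Constructed stand-ins; not NetBSD or FreeBSD kernel structures. */
struct cred { uid_t uid; };
struct proc_entry { pid_t pid; uid_t owner; const char *comm; };

/* Hypothetical policy flag: 1 = every user sees every process, 0 = own only. */
static int see_other_uids = 0;

/* Incomplete check: uid compare only, so root is filtered like anyone else. */
static int can_see_uid_only(const struct cred *c, const struct proc_entry *p)
{
    return see_other_uids || c->uid == p->owner;
}

/* Model of a superuser test (uid 0); an assumption, not the kernel's suser(). */
static int is_superuser(const struct cred *c) { return c->uid == 0; }

/* Complete check: the superuser is exempt from the uid compare. */
static int can_see(const struct cred *c, const struct proc_entry *p)
{
    if (see_other_uids || is_superuser(c))
        return 1;
    return c->uid == p->owner;
}

typedef int (*see_fn)(const struct cred *, const struct proc_entry *);

/* Constructed process table: two root daemons, two users. */
static const struct proc_entry table[] = {
    {1, 0, "init"}, {210, 0, "syslogd"},
    {412, 1000, "sh"}, {430, 1000, "vi"}, {518, 1001, "mutt"},
};
#define NPROCS (sizeof(table) / sizeof(table[0]))

/* Number of table entries the caller may see under the given check. */
static size_t count_visible(const struct cred *c, see_fn check)
{
    size_t n = 0;
    for (size_t i = 0; i < NPROCS; i++)
        if (check(c, &table[i]))
            n++;
    return n;
}

int main(void)
{
    struct cred root = {0}, user = {1000};
    printf("user, full check:     %zu\n", count_visible(&user, can_see));
    printf("root, uid-only check: %zu\n", count_visible(&root, can_see_uid_only));
    printf("root, full check:     %zu\n", count_visible(&root, can_see));
    return 0;
}
```
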