By enabling the /proc restrictions in grsec users (among other things) cannot
view who is logged in with w:

[10:13:39] casper@camelot:[~]$ w
10:13:40 up 40 days, 15:48, 4 users, load average: 0.28, 0.26, 0.10
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
[10:13:40] casper@camelot:[~]$

However, this can easily be bypassed with who:

[10:13:40] casper@camelot:[~]$ who
casper vc/5 Nov 12 07:28
casper pts/696 Nov 1 15:57
casper pts/1007 Nov 16 15:25 (work)
casper pts/1033 Nov 17 10:13 (work)
[10:14:11] casper@camelot:[~]$

While it is true that who will not display the command currently active for
each user, everything else can be viewed from who also.

Couldn't it be possible for grsec to have another option
(restrict /var/run/utmp and /var/log/wtmp)? Users need neither read
nor write access (the logging done in the files is done at login).

Just a thought...:)

-cos

--
In Linux We TrUsT !

--
gentoo-hardened@g.o mailing list
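
Added example (not part of the original post, and not grsec or Gentoo code): a small audit of what a world-readable utmp file hands to any local user without touching /proc, next to the same file with the "other" read bit cleared. The 384-byte record layout is the glibc x86-64 one, and the helper names, the sample record and the modes 0644/0640 are assumptions made for illustration.

```python
import os, stat, struct, tempfile

# glibc "struct utmp" on x86-64 Linux, 384 bytes per record (layout is an assumption here).
UTMP = struct.Struct("<h2xi32s4s32s256s2h3i4i20x")
USER_PROCESS = 7  # ut_type value for an interactive login


def make_record(user, line, host, when, pid=1000):
    """Build one constructed USER_PROCESS record (sample data, not a real login)."""
    return UTMP.pack(USER_PROCESS, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, when, 0, 0, 0, 0, 0)


def sessions(data):
    """Decode raw utmp bytes into (user, tty, host, login_epoch) tuples."""
    text = lambda raw: raw.split(b"\0", 1)[0].decode("utf-8", "replace")
    found = []
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        rec = UTMP.unpack_from(data, off)
        if rec[0] == USER_PROCESS:  # skip boot, dead-process and other record types
            found.append((text(rec[4]), text(rec[2]), text(rec[5]), rec[9]))
    return found


def exposed_sessions(path):
    """Sessions any local user can list: empty unless the 'other' read bit is set."""
    if not os.stat(path).st_mode & stat.S_IROTH:
        return []
    with open(path, "rb") as fh:
        return sessions(fh.read())


def demo():
    """Write constructed records to a temp file and compare mode 0644 with 0640."""
    data = make_record("casper", "pts/1033", "work", 1000000000)  # constructed values
    data += UTMP.pack(8, 0, b"pts/5", b"", b"", b"", 0, 0, 0, 0, 0, 0, 0, 0, 0)  # DEAD_PROCESS
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(data)
    try:
        os.chmod(fh.name, 0o644)
        before = exposed_sessions(fh.name)
        os.chmod(fh.name, 0o640)
        after = exposed_sessions(fh.name)
    finally:
        os.unlink(fh.name)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Pointing exposed_sessions() at /var/run/utmp or /var/log/wtmp on a host shows whether the /proc restriction is the only thing standing between local users and the login list.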