Gentoo Archives: gentoo-hardened

From: Casper the Friendly Ghost <casper@×××××××××××××××××.com>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] grsec & logged users
Date: Wed, 17 Nov 2004 15:21:37
Message-Id: 200411171022.40808.casper@camelot.homelinux.com
By enabling the /proc restrictions in grsec, users (among other things) cannot
view who is logged in with w:

[10:13:39] casper@camelot:[~]$ w
10:13:40 up 40 days, 15:48, 4 users, load average: 0.28, 0.26, 0.10
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
[10:13:40] casper@camelot:[~]$

However, this can easily be bypassed with who:

[10:13:40] casper@camelot:[~]$ who
casper vc/5 Nov 12 07:28
casper pts/696 Nov 1 15:57
casper pts/1007 Nov 16 15:25 (work)
casper pts/1033 Nov 17 10:13 (work)
[10:14:11] casper@camelot:[~]$

While it is true that who will not display the command currently active for
each user, everything else can be viewed from who also.

Couldn't it be possible for grsec to have another option
(restrict /var/run/utmp and /var/log/wtmp)? Users don't need either read
or write access (the logging done in the files is done at login).

Just a thought...:)

-cos

--
In Linux We TrUsT !

--
gentoo-hardened@g.o mailing list
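Added example, not part of the original post: an audit sketch showing which session fields a utmp record carries and whether the file's mode lets other users read it, which is the gap the message describes. The record layout (384-byte little-endian glibc struct utmp), the helper names and the sample records are assumptions constructed for illustration.

```python
import os
import stat
import struct

# Assumed layout: glibc struct utmp on little-endian Linux (384 bytes).
# Fields: type, pid, line, id, user, host, exit(2), session, tv_sec, tv_usec, addr_v6(4)
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
USER_PROCESS = 7  # ut_type value for a logged-in session

def _text(field):
    """Decode a NUL-padded fixed-width utmp field."""
    return field.split(b"\0", 1)[0].decode("utf-8", "replace")

def sessions(raw):
    """Return (user, tty, host, login_epoch) for each login record in utmp bytes."""
    out = []
    usable = len(raw) - len(raw) % UTMP.size  # ignore a truncated trailing record
    for off in range(0, usable, UTMP.size):
        rec = UTMP.unpack_from(raw, off)
        if rec[0] == USER_PROCESS:
            out.append((_text(rec[4]), _text(rec[2]), _text(rec[5]), rec[9]))
    return out

def readable_by_others(path):
    """True if the file's mode grants read access to 'other' users."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

def make_record(ut_type, pid, line, user, host, when):
    """Build one constructed utmp record for the demonstration."""
    return UTMP.pack(ut_type, pid, line, b"", user, host, 0, 0, 0, when, 0, 0, 0, 0, 0)

# Constructed sample: a boot record, one live session, one ended session.
SAMPLE = (
    make_record(2, 0, b"~", b"reboot", b"", 1100000000)
    + make_record(7, 4242, b"pts/1033", b"casper", b"work", 1100686380)
    + make_record(8, 4100, b"pts/1007", b"", b"", 1100600000)
)

if __name__ == "__main__":
    for row in sessions(SAMPLE):
        print(row)
    # Report the mode of the two files named in the post, if present.
    for path in ("/var/run/utmp", "/var/log/wtmp"):
        if os.path.exists(path):
            print(path, "readable by others:", readable_by_others(path))
```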

Replies

Subject Author
Re: [gentoo-hardened] grsec & logged users Drake Wyrm <wyrm@×××××.com>