[grsec] Users visible on WHO list?
Brad Spengler
spender at grsecurity.net
Mon Jan 3 14:38:41 EST 2005
On Mon, Jan 03, 2005 at 12:19:05PM -0700, Wolfpaw - Dale Corse wrote:
> Hi All,
>
> We have protection enabled for users not to see each others processes (and
> this prevents them from being seen at all on "w") but who still shows them,
> and their IP.

'w' uses /proc for its information while 'who' uses /var/run/utmp and
ttys for its information. A possible solution is to make a utmp group,
and have all binaries run as non-root that you want to allow to read
/var/run/utmp to be sgid utmp. You can then chgrp utmp /var/run/utmp,
chmod o-rwx /var/run/utmp, and either disable who, or modify its source
so that it only displays information for their uid.

Note that you can still see who is on the box by looking in /dev/pts.

-Brad
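One way to realize the "modify its source" option from the reply above, as an added example that is not part of the original post and not the real who source: a minimal who replacement in C, meant to be installed sgid utmp, that prints only the utmp records belonging to the caller. The function name entry_visible and the matching by login name (utmp records store names, not uids, so the real uid is mapped through getpwuid) are assumptions of this example.

```c
/* Added example: restricted "who" for a utmp file that is chmod o-rwx
 * and group-owned by the utmp group suggested in the post. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <utmpx.h>

/* Return 1 if the record is a login session owned by `name`.
 * ut_user is a fixed-size field that need not be NUL-terminated,
 * so compare with an explicit bound and reject prefix matches. */
int entry_visible(const struct utmpx *ut, const char *name)
{
    size_t n = strlen(name);

    if (ut->ut_type != USER_PROCESS)        /* skip boot, dead, login records */
        return 0;
    if (n == 0 || n > sizeof(ut->ut_user))
        return 0;
    if (strncmp(ut->ut_user, name, n) != 0)
        return 0;
    /* Equal over n bytes: accept only if the stored name ends there too. */
    return n == sizeof(ut->ut_user) || ut->ut_user[n] == '\0';
}

int main(void)
{
    /* Real uid, not effective: the caller's identity, unaffected by sgid. */
    struct passwd *pw = getpwuid(getuid());
    struct utmpx *ut;

    if (pw == NULL)
        return 1;                           /* no passwd entry: show nothing */
    setutxent();
    while ((ut = getutxent()) != NULL) {
        if (entry_visible(ut, pw->pw_name))
            printf("%-8.*s %-12.*s %.*s\n",
                   (int)sizeof ut->ut_user, ut->ut_user,
                   (int)sizeof ut->ut_line, ut->ut_line,
                   (int)sizeof ut->ut_host, ut->ut_host);
    }
    endutxent();
    return 0;
}
```

Because the binary carries the utmp group, it takes no arguments and reads no environment-controlled paths; anything added to it later widens what a local user can do with that group.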