Hi. I have a question concerning Solar Designer's patch for Linux Kernel. quotation ... -------------------------------------------------------------------- Restricted /proc. [..........] This option restricts the permissions on /proc so that non-root users can see their own processes only, and nothing about active network connections, unless they're in a special group. This group's id is specified via the gid= mount option, and is 0 by default. (Note: if you're using identd, you will need to edit the inetd.conf line to run identd as this special group.) Also, this disables dmesg(8) for the users. You might want to use this on an ISP shell server where privacy is an issue. Note that these extra restrictions can be trivially bypassed with physical access (without having _______________________________________________________ to reboot). ________(!!!) [........] -------------------------------------------------------------------------- Could you tell me how it is possible? Is it really so trivial? I only find one way to bypass it ... but it requires CONFIG_MAGIC_SYSRQ option compile into kernel... Do you know other ways??? thanks Rafal
This archive was generated by hypermail 2b30 : Wed Jan 23 2002 - 08:14:11 PST