Suppose I am running vi or mplayer or anything like that and I don't want that anybody who logs in should get to see my processes using ps -aux.
Please help me
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900
I guess it is not possible for non-root. The kernel creates entries in /proc, and ps -aux reads them. To change this, you'll need to exploit a vulnerability, I guess.
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900
'w' shows logged in users, these users have gone through some login procedure, like entering login and password. But processes can get ownership through user switch, like when you run SUID binaries. This is not a login.
Of course, if you are the system administrator, it is trivial to stop everyone who is not you from probing for active processes: you stop their permission.
chmod o-x /bin/ps
Every time someone other than root tries to execute ps -aux, they get "permission denied".
If you want to hide your own activity from everybody on a network (which you are not the admin for) then this is tricky to do and trickier to justify.
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900
Sorry, but a system administrator who will just break ps for everybody and think he has hidden everything will make a big mistake.
find /proc -mindepth 2 -maxdepth 2 -name cmdline 2>/dev/null | while read; do cat "$REPLY"; echo; done
Quote:
Sorry, but a system administrator who will just break ps for everybody and think he has hidden everything will make a big mistake.
Doesn't block finger either.
One could take steps to disable many approaches - but the only way I can think of to completely hide would be to isolate the machine I'm working on (firewall or unplug from the network).
I suppose one may write something to run in the background, intercepting attempts to read the content of /proc (say) and return dummy strings... but my main concern is: why would you want to?
One reason may be to track down a black-hat who is actively on the network... somehow I suspect this is not the reason here. However, I am prepared to be proved wrong.
Cute... something you'd have to set up as administrator though isn't it?
It's kinda a neat question for admins, since information about what is going on on the network is going to be important for all kinds of things. I'd imagine that a user hiding processes would be a concern.
I guess one could sit down at a machine on someone's network and hide what one does on that machine from the network... one could reboot the machine to a live distro (for eg.) reconfigure the machine and exit.
This would mean that the machine spends some time disconnected from the network and its servers... creating a log entry somewhere depending how it was set up.
But here, you see, I'm talking about compromising a network yet again.
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900
Surely you have! If you can get information about your processes, root also can. Maybe with some kernel security tricks this situation is possible to avoid, but it will be called removing root...
If root allows users to hide processes from each other - but not from root - it can give some security through obscurity benefits (if you do have good security obscurity can improve it a bit) and, what may be more important it can give some privacy or secrecy when it is needed (and root logins are guaranteed to happen only in well-controlled circumstances and with supervision).
What? You've lost me... I need the context there dude.
Quote:
If root allows users to hide processes from each other - but not from root - it can give some security through obscurity benefits
Sure - someone could sit on the network watching other users' processes to see if there are any habits which could be exploited... if users' processes are private, this cannot happen.
Quote:
what may be more important it can give some privacy or secrecy when it is needed
The privacy aspect is still there - who cares that a user has vi running when you cannot tell what is being edited? The actual writing is still private (except to folk actually in the same room and looking over the user's shoulder)... in the end, privacy is a gentleman's agreement. When privacy is enforced with security, it risks becoming a competition -- a challenge.
Quote:
(and root logins are guaranteed to happen only in well-controlled circumstances and with supervision).
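An administrator can check the point made in the thread, that removing execute permission from /bin/ps still leaves /proc readable, by listing which command lines of other users' processes an account can read directly from procfs. This is an added example and not part of any post above; the function names and the PROC_ROOT parameter are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: list other users' process command lines that the calling
# user can read straight from procfs, without running ps at all.
# Usage: foreign_cmdlines [PROC_ROOT] [OWN_UID]
# PROC_ROOT defaults to /proc; it is a parameter only so the function can be
# pointed at a constructed directory tree when testing.
foreign_cmdlines() {
    proc_root=${1:-/proc}
    own_uid=${2:-$(id -u)}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid=${dir##*/}
        # Per-process directories have purely numeric names.
        case $pid in *[!0-9]*) continue ;; esac
        # The owner of /proc/PID is the user the process runs as.
        owner=$(stat -c %u "$dir" 2>/dev/null) || continue
        [ "$owner" = "$own_uid" ] && continue
        [ -r "$dir/cmdline" ] || continue
        # cmdline is NUL-separated; the process may exit while we read it.
        cmd=$(tr '\0' ' ' < "$dir/cmdline" 2>/dev/null) || continue
        cmd=${cmd% }
        # Kernel threads have an empty cmdline and reveal nothing.
        [ -n "$cmd" ] || continue
        printf '%s\t%s\t%s\n' "$pid" "$owner" "$cmd"
    done
}

# Number of other users' processes whose command line is exposed.
count_foreign_cmdlines() {
    foreign_cmdlines "$@" | wc -l | tr -d ' '
}
```

Run `foreign_cmdlines` with no arguments from an unprivileged account. An empty result means procfs is not exposing other users' command lines to that account, for instance because /proc is mounted with the hidepid option.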