who and w commands

Posted: Mon Jun 12, 2006 4:27 pm
by cievo
Hello all.

When I set grsec to hide currently logged users it works for command 'w'. But when I run command 'who' I can see all of my users.

Did I do anything bad?

Thank you for an explanation.

Sincerely, Ondrej

OK

Posted: Tue Jun 13, 2006 4:42 pm
by cievo
Hello

Hmm...interesting work-around. But my setting does this:

Code:
[cievo@krasavec:~]$ w
 23:05:00 up 33 days,  3:02,  2 users,  load average: 0.06, 0.05, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
[cievo@krasavec:~]$ who
fixinko  ttyp0        Jun 13 18:01 (bind.eu.org)
cievo    ttyp1        Jun 13 23:04 (cievo.network.sk)
[cievo@krasavec:~]$ uname -a
Linux (compiled by Cievo) krasavec 2.6.14.3-grsec #1 Mon Nov 28 22:18:49 CET 2005 i686 GNU/Linux


But my question is: isn't the who command a security leak in this case?

Did I do something wrong, or is this the default behaviour of grsec?

Thank you, Ondrej Zilinec

Posted: Tue Jun 13, 2006 10:09 pm
by spender
To answer the original poster's question, the reason for the difference in output between 'w' and 'who' is due to the fact that 'w' uses /proc to get its information, while 'who' uses the globally-readable /var/run/utmp, and /var/log/wtmp files. Grsecurity's /proc restrictions cause the different 'w' output since you can't view the /proc listings for processes of other users, but to have 'who' report just as strict information you have to create the privileged filter/wrapper like mikeusa suggested.

-Brad
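
The filtering step of such a wrapper, as an added example that is not code from this thread or from grsecurity: it parses utmp records and returns only the caller's own sessions unless the caller is privileged. The 384-byte glibc record layout, the function names and the sample records (built from the names in the 'who' output above, with made-up timestamps) are assumptions.

```python
import os
import stat
import struct

# Assumption: 384-byte glibc "struct utmp" layout used on Linux x86/x86_64.
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20s"
UTMP_SIZE = struct.calcsize(UTMP_FMT)
USER_PROCESS = 7  # ut_type of an active login session

def _cstr(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_utmp(data):
    """Yield (user, line, host, login_time) for each active login record."""
    for off in range(0, len(data) - UTMP_SIZE + 1, UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, data, off)
        if f[0] == USER_PROCESS:
            yield _cstr(f[4]), _cstr(f[2]), _cstr(f[5]), f[9]

def filtered_who(data, caller, privileged=False):
    """Sessions the caller may see: all if privileged, otherwise only their own."""
    return [r for r in parse_utmp(data) if privileged or r[0] == caller]

def world_readable(path):
    """True if any local user can read the file directly, bypassing a wrapper."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

def make_record(user, line, host, ts, ut_type=USER_PROCESS):
    """Build one constructed utmp record (hypothetical helper for the demo)."""
    return struct.pack(UTMP_FMT, ut_type, 1234, line.encode(), b"",
                       user.encode(), host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0, b"")

# Constructed sample data: two logins plus one DEAD_PROCESS (type 8) slot.
SAMPLE = (make_record("fixinko", "ttyp0", "bind.eu.org", 1150214460)
          + make_record("cievo", "ttyp1", "cievo.network.sk", 1150232640)
          + make_record("", "ttyp2", "", 1150200000, ut_type=8))

if __name__ == "__main__":
    for row in filtered_who(SAMPLE, caller="cievo"):
        print(row)
    if os.path.exists("/var/run/utmp"):
        print("utmp world-readable:", world_readable("/var/run/utmp"))
```

The filter only restricts anything once utmp and wtmp are no longer globally readable; while world_readable() returns True, any user can read the records directly.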

Mno...

Posted: Wed Jun 14, 2006 3:01 am
by cievo
Thank you for your answers guys :-)