grsecurity forums


https://forums.grsecurity.net./

Need help with simple ACL

https://forums.grsecurity.net./viewtopic.php?f=3&t=758

Page 1 of 1

Need help with simple ACL

PostPosted: Sun Mar 28, 2004 4:51 pm
by abefroman
I am new to grsecurity,

how do i make an acl to prevent top (/usr/bin/top) from being executed?

In acl I have
/usr/bin/top {
/usr/bin/top r
}

but it still lets me run top.

how do i correct it so top is disabled?

PostPosted: Sun Mar 28, 2004 5:40 pm
by spender
Who do you want to not be able to run top? Are you aware that someone could copy a 'top' program to somewhere they can write and execute and it would work the same as the regular top? Have you enabled /proc restrictions to restrict the viewing of processes to only the user's own programs? If you want to disable the execution of top for all people using the default ACL (I assume you're running 1.9) just add:

/usr/bin/top h

to the default ACL (that's the / { blahblah } one)

-Brad

PostPosted: Sun Mar 28, 2004 6:37 pm
by abefroman
Thanks, i just wanted to test the ACL with top to make sure it was working.
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/