Hello all.
When I set grsec to hide currently logged users it works for command 'w'. But when I run command 'who' I can see all of my users.
Did I do anythign bad?
Than you for an explanation.
Sincerely, Ondrej
who and w commands
4 posts
• Page 1 of 1
who and w commands
by cievo » Mon Jun 12, 2006 4:27 pm
- cievo
- Posts: 3
- Joined: Mon Jun 12, 2006 4:25 pm
OK
by cievo » Tue Jun 13, 2006 4:42 pm
Hello
Hmm...interesting work-around. But my setting does this:
but my question is if who command is not leak of security in this case?
Did something wrong or this is a default behaviour of grsec?
Thank you, Ondrej Zilinec
Hmm...interesting work-around. But my setting does this:
- Code: Select all
[cievo@krasavec:~]$ w
23:05:00 up 33 days, 3:02, 2 users, load average: 0.06, 0.05, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
[cievo@krasavec:~]$ who
fixinko ttyp0 Jun 13 18:01 (bind.eu.org)
cievo ttyp1 Jun 13 23:04 (cievo.network.sk)
[cievo@krasavec:~]$ uname -a
Linux (compiled by Cievo) krasavec 2.6.14.3-grsec #1 Mon Nov 28 22:18:49 CET 2005 i686 GNU/Linux
but my question is if who command is not leak of security in this case?
Did something wrong or this is a default behaviour of grsec?
Thank you, Ondrej Zilinec
- cievo
- Posts: 3
- Joined: Mon Jun 12, 2006 4:25 pm
by spender » Tue Jun 13, 2006 10:09 pm
To answer the original poster's question, the reason for the difference in output between 'w' and 'who' is due to the fact that 'w' uses /proc to get its information, while 'who' uses the globally-readable /var/run/utmp, and /var/log/wtmp files. Grsecurity's /proc restrictions cause the different 'w' output since you can't view the /proc listings for processes of other users, but to have 'who' report just as strict information you have to create the privileged filter/wrapper like mikeusa suggested.
-Brad
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
4 posts
• Page 1 of 1