Brian McGroarty wrote:
> This sure seems kind of silly... why add all these things into Big
> Giant Namespace and not honor all of the conventions of the same? I
> think /proc/* not supporting chmod changes for the duration of a
> system's uptime could be classified as a bug or a major design
> flaw. :/

I say it's the 2nd. It was never the idea in Linux to limit the basic
system tools to a few users only.
Of course it is possible. Perhaps it would be a good idea to implement
such security in one of the next kernel versions.
Many kernel hackers will call it security by obscurity.
With a correct installation and setup there is no problem when normal
users can get information out of procfs.
Especially disabling netstat with procfs is not the best idea. There are
ways to get much information without procfs. I am thinking of
utilities like nmap.