Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 12 Oct 2012 09:59:15 -0300
From:      schultz@ime.usp.br
To:        freebsd-questions@freebsd.org
Subject:   Sysctls and privacy
Message-ID:  <20121012095915.470864k9735iy883@webmail.ime.usp.br>

Next in thread | Raw E-Mail | Index | Archive | Help
In my system I use separate user accounts for running untrusted
programs at the moment. While many will probably argue that jails
are a superior solution, in my specific case its the inverse.

I know FreeBSD is not ready by default to have multiple untrusted
users in the system, at least from a security viewpoint. I have
done quite a bit of changes to make the situation better.

However, there is something bugging me. Some sysctls apparently
expose too much information about the system. Some examples: the
number of context switches, the number of forks, the total used
memory (at the byte level), the total used space for each file
system (at the byte level) and even a graph of how my GEOM devices
are organized!

I know some programs like gkrellm need this information to function,
but on the other hand, I feel pretty uncomfortable with the
information presented by gkrellm being logged. It's at the very least
a loss of privacy.

So, I would like to ask for a way to disable user access to all
sysctls that are not needed by basic user programs (shell, terminal, etc).
Also, if possible, I would like to have a group of users to whom
these sysctls are accessible as an exception (to run gkrellm).

Thanks for your time.





Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20121012095915.470864k9735iy883>