From owner-freebsd-current  Tue Nov 23 23:25:30 1999
Delivered-To: freebsd-current@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2FEFD14C8E; Tue, 23 Nov 1999 23:25:26 -0800 (PST)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id XAA14764;
	Tue, 23 Nov 1999 23:23:20 -0800 (PST)
	(envelope-from dillon)
Date: Tue, 23 Nov 1999 23:23:20 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199911240723.XAA14764@apollo.backplane.com>
To: Peter Wemm <peter@netplex.com.au>
Cc: Christopher Masto <chris@netmonger.net>,
	Poul-Henning Kamp <phk@critter.freebsd.dk>,
	freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: ps on 4.0-current 
References:  <19991124070252.96DAD1C6D@overcee.netplex.com.au>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


:> > and people who need to hide it can set it to "close" to do so.
:> 
:> Please.  Thank you.
:> 
:> Not everyone wears the sysadmin hat with the face shield and gas mask,
:> as much as it may currently be in style.  If it can work both ways,
:> even better.
:
:Definately!  This is NOT AN ACCEPTABLE CHANGE BY DEFAULT!
:
:Cheers,
:-Peter

    I'm trying to figure out how what started as a fix to a panic turned into
    such a big mess.  And I don't even think the panic has even been fixed ---
    it's just been made more obscure.

    There is a big difference between -e, which very few people use and which
    is an obvious security risk simply because people do not realize it is
    available, and displaying argv from a user-run ps which everyone is used
    to doing.

    When I first suggested removing -e I did so both for security reasons and
    because it would have been trivial to do.  What we have at the moment is
    something entirely different.

    I would be for removing -e, but I would be adamantly opposed to restricting
    the display of command line arguments - not even with an opt-in sysctl.  
    It's just added baggage.  And I don't see much point in trying to make ps 
    and top run faster.  They are plenty fast enough already (well, maybe not
    top, but that's for other reasons unrelated to the display of command
    line arguments).   ps *already* delves (or delved) into kvm to retrieve
    command line arguments only for processes not swapped out, meaning that
    running ps never causes processes or data to be swapped in unless you
    specify the 'f' option.   

    In otherwords, nothing ps does blocks.  I can't imagine how changing 
    the way arguments are fetched by encumbering procfs with even more 
    junk would generate a sufficient boost in performance to be either 
    noticeable visually or worth doing at all.

    It would be nice if the procfs panics were fixed, but not at the cost
    of all of this.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message