Date: Wed, 24 Nov 1999 21:55:54 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: Brian Somers <brian@Awfulhak.org>, Mike Smith <mike@smith.net.au> Cc: freebsd-current@FreeBSD.ORG Subject: Re: ps on 4.0-current Message-ID: <v04210100b4625286fee1@[128.113.24.47]> In-Reply-To: <199911240803.IAA89224@hak.lan.Awfulhak.org> References: <199911240803.IAA89224@hak.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 8:03 AM +0000 11/24/99, Brian Somers wrote: > > This was discussed close to death before the changes were committed, > > and the current behaviour (restricted access) has been agreed by > > general consensus to be the most appropriate. > >My reading of the thread was ``I'm going to cache ps args to stop all >the delving into user space to do a ps'', ``but what about the -e >option'', ``ok, I'll make that inaccessible unless you have >permission''. > >I stopped reading the -e thread because I believe it's a good thing to >restrict this. I completely missed that the conversation had moved >on to ``hey, who needs ps args anyway'', and I'm sure that given the >number of messages posted about the -e restriction, others did too. For what it's worth, this is also what happened to me. I tuned out the '-e' thread once I had said my two-bits on the topic (and I was pretty sure the end result would come out OK with me). I did not notice the topic of also removing argv from 'ps'. Removing 'ps -e' ability is fine by me (though I'd prefer that I could see the environment of "my own" processes). I can see how that would improve security, even if it occasionally means a very slight loss in user convenience. I am not at all happy with the idea of removing argv from 'ps' listings. I have scripts which use that information, and it sounds like the only way to fix those scripts would make things WORSE for security. This does not benefit "user convenience" and it does not benefit "security". At the same time, I remember many years ago when another OS that I worked on was trying for security classification. I can see that this behavior *could* be a good idea for situations which want to be really paranoid about security. I would not mind this behavior as a system-wide option, but I'd certainly want the default setting to match current behavior. --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v04210100b4625286fee1>