Date: Tue, 16 Nov 1999 20:13:03 +1100
From: John Saunders <john@nlc.net.au>
To: freebsd-current@freebsd.org
Subject: Re: PATCH for testing
Message-ID: <3831201F.7F7ED519@nlc.net.au>
References: <199911160144.RAA08909@implode.root.com>

> > And, also, we need to get rid of the 'e' option to ps entirely. It's a
> > major security hole.
>
> I agree that we need to get rid of 'e' and any other options that allow
> reading another process's environment.

How about protecting the -e option by a test for setuid() == 0 instead
of removing it entirely? That would remove the security concern, but
still retain the function for root. Removing the function for root is
useless from a security point of view, as anybody with root access can
simply compile an alternative version of ps(1) with -e back in it.

Cheers.
-- 
          +------------------------------------------------------------+
    .     | John Saunders - mailto:john@nlc.net.au             (EMail) |
 ,--_|\   |               - http://www.nlc.net.au/               (WWW) |
/  Oz  \  |               - 02-9489-4932 or 04-1822-3814       (Phone) |
\_,--\_/  | NORTHLINK COMMUNICATIONS P/L - Supplying a professional,   |
      v   | and above all friendly, internet connection service.       |
          +------------------------------------------------------------+