From owner-freebsd-current  Tue Nov 16  1:13:26 1999
Delivered-To: freebsd-current@freebsd.org
Received: from nhj.nlc.net.au (nhj.nlc.net.au [203.24.133.1])
	by hub.freebsd.org (Postfix) with SMTP id 1A1E3151DD
	for <freebsd-current@freebsd.org>; Tue, 16 Nov 1999 01:13:13 -0800 (PST)
	(envelope-from john@nlc.net.au)
Received: (qmail 16384 invoked from network); 16 Nov 1999 20:13:11 +1100
Received: from pacer.nlc.net.au (203.24.133.16)
  by nhj.nlc.net.au with SMTP; 16 Nov 1999 20:13:11 +1100
Received: (qmail 56087 invoked from network); 16 Nov 1999 20:13:09 +1100
Received: from localhost (HELO nlc.net.au) (john@127.0.0.1)
  by localhost.nlc.net.au with SMTP; 16 Nov 1999 20:13:09 +1100
Message-ID: <3831201F.7F7ED519@nlc.net.au>
Date: Tue, 16 Nov 1999 20:13:03 +1100
From: John Saunders <john@nlc.net.au>
Organization: NORTHLINK COMMUNICATIONS PTY LTD
X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 4.0-CURRENT i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-current@freebsd.org
Subject: Re: PATCH for testing
References: <199911160144.RAA08909@implode.root.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> >    And, also, we need to get rid of the 'e' option to ps entirely.  It's a
> >    major security hole.
> 
>    I agree that we need to get rid of 'e' and any other options that allow
> reading another process's environment.

How about protecting the -e option by a test for setuid() == 0 instead
of removing it entirely. That would remove the security concern, but
still retain the function for root. Removing the function for root is
useless from a security point of view, as anybody with root access
can simply compile an alternative version of ps(1) with -e back in it.

Cheers.
--           
+------------------------------------------------------------+
        .     | John Saunders  - mailto:john@nlc.net.au           
(EMail) |
    ,--_|\    |                - http://www.nlc.net.au/             
(WWW) |
   /  Oz  \   |                - 02-9489-4932 or 04-1822-3814     
(Phone) |
   \_,--\_/   | NORTHLINK COMMUNICATIONS P/L - Supplying a
professional,   |
         v    | and above all friendly, internet connection
service.       |
             
+------------------------------------------------------------+


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message