Date: Tue, 16 Nov 1999 20:58:29 +0800
From: Peter Wemm <peter@netplex.com.au>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: Sheldon Hearn <sheldonh@uunet.co.za>, Matthew Dillon <dillon@apollo.backplane.com>, current@FreeBSD.ORG
Subject: Re: PATCH for testing
Message-ID: <19991116125829.9ED091CA0@overcee.netplex.com.au>
In-Reply-To: Your message of "Tue, 16 Nov 1999 10:17:44 +0100." <24359.942743864@critter.freebsd.dk>

Poul-Henning Kamp wrote:
> In message <45617.942743642@axl.noc.iafrica.com>, Sheldon Hearn writes:
> >
> >
> >On Tue, 16 Nov 1999 07:19:52 +0100, Poul-Henning Kamp wrote:
> >
> >> > Why don't we get rid of the 'e' option to ps while we are at it
> >> > considering how much of a security hole it is.
> >>
> >> Hmm, well, I like to have it around for root at least...
> >
> >Exactly.
> >
> >In a perfect world, the -e option will only allow inspection of the
> >environment of processes for which the owner of the ps process has
> >sufficient privilege.
>
> Yes that makes sense, because if all comes to all they could attach
> a debugger and find it that way anyway.

If the command line is obtained other ways, then the easiest way to
implement this should be to delay opening the mem file until it's required
and turn off the setgid bit for the open.  Or better yet, turn off setgid
entirely and use sysctl and eproc for everything, but allow -e to work if
the user could open /proc/*/mem.  Or something like that.

Cheers,
-Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
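The approach suggested in the message above (delay opening the mem file until it is required, and make that open without the setgid-granted group), sketched as an added example; it is not code from the thread or from FreeBSD's ps. The names open_as_invoker and open_proc_mem are hypothetical, and a procfs mounted at /proc that exposes <pid>/mem is assumed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setegid() under strict -std modes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open `path` read-only with the effective gid switched
 * to the real gid, so the kernel checks the invoking user's own rights and
 * not the group a setgid binary was granted. The egid is restored afterwards. */
int open_as_invoker(const char *path)
{
    gid_t privileged = getegid();
    int fd, saved_errno;

    if (setegid(getgid()) != 0)
        return -1;                      /* could not drop: fail closed */
    fd = open(path, O_RDONLY);
    saved_errno = errno;
    if (setegid(privileged) != 0) {     /* could not restore: fail closed */
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

/* Called only when -e is requested, so the open is delayed until needed.
 * Assumes a procfs mounted at /proc that exposes <pid>/mem. */
int open_proc_mem(pid_t pid)
{
    char path[64];
    int n = snprintf(path, sizeof(path), "/proc/%ld/mem", (long)pid);

    if (n < 0 || (size_t)n >= sizeof(path))
        return -1;
    return open_as_invoker(path);
}

int main(void)
{
    int fd = open_proc_mem(getpid());
    printf("own mem file: %s\n", fd >= 0 ? "readable" : "not readable");
    if (fd >= 0) close(fd);
    return 0;
}
```

A return of -1 from open_proc_mem means the invoking user has no right to read that process, so the environment is simply not shown for it.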