Date:      Tue, 16 Nov 1999 12:25:29 -0500
From:      Greg Lehey <grog@mojave.sitaranetworks.com>
To:        Matthew Dillon <dillon@apollo.backplane.com>, Garance A Drosihn <drosih@rpi.edu>
Cc:        Lyndon Nerenberg <lyndon@orthanc.ab.ca>, current@FreeBSD.ORG
Subject:   Re: ps -e
Message-ID:  <19991116122529.27283@mojave.sitaranetworks.com>
In-Reply-To: <199911160027.QAA46037@apollo.backplane.com>; from Matthew Dillon on Mon, Nov 15, 1999 at 04:27:12PM -0800
References:  <199911152248.dAFMmaQ18726@orthanc.ab.ca> <v04210102b4564d03f393@[128.113.24.47]> <199911160027.QAA46037@apollo.backplane.com>

On Monday, 15 November 1999 at 16:27:12 -0800, Matthew Dillon wrote:
> :>    Matthew>     Why don't we get rid of the 'e' option to ps while we
> :>    Matthew> are at it considering how much of a security hole it is.
> :>
> :>I wouldn't nuke it completely. Make -e a noop unless the real uid ps
> :>is running with matches the effective uid of the process being reported.
> :>And if ps is invoked with a real uid of 0, -e works as it does now.
> :
> :I'd favor something like this.  The unixes I am most used to did not
> :have '-e' as an option, and I had two immediate reactions when I found
> :freebsd's did:
> :    1) wow, this is great for debugging a problem I'm having
> :    2) yikes, what a security exposure!  (I have some scripts
> :       where a password is passed from one script to another
> :       one via an environment variable...)
>
>     Yes, or by 'root'.  Personally, I would like to see the option removed
>     entirely.  I don't think a half-measure would improve the security
>     problem much.
>
> :So, I'd like to have it for debugging my own processes, but
> :...
> :Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
>
>     gdb.
>
>     I shudder to think that people might actually start depending on this
>     non-feature.  Better for it to just go away.

Looks like another case for a config knob.

Greg
--
Finger grog@lemis.com for PGP public key
See complete headers for address and phone numbers
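
The rule proposed in the quoted text (-e is a no-op unless ps's real uid matches the effective uid of the reported process, with real uid 0 unrestricted), sketched in C as an added example. It is not code from this thread or from FreeBSD's ps; the record layout, function names, output format and sample processes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed record (euid = effective uid of the process); not ps(1)'s own. */
struct proc_rec { pid_t pid; uid_t euid; const char *cmd, *env; };

/* Constructed sample table: uid 1001 passes a password via the environment. */
static const struct proc_rec sample[] = {
    {101, 1001, "sh backup.sh", "HOME=/home/alice DBPASS=example-secret"},
    {102, 1002, "vi notes",     "HOME=/home/bob TERM=vt100"},
    {103, 0,    "cron",         "PATH=/sbin:/bin"},
};

/* Proposed rule: real uid 0 sees all; others need ruid == process euid. */
static int env_visible(uid_t caller_ruid, uid_t proc_euid)
{
    return caller_ruid == 0 || caller_ruid == proc_euid;
}

/* Build one simplified ps-like line; the environment is appended only
 * when the rule allows it. Returns 1 if it was included, else 0. */
static int format_line(char *buf, size_t len, uid_t caller_ruid,
                       const struct proc_rec *p)
{
    int show = env_visible(caller_ruid, p->euid);
    snprintf(buf, len, "%5d %s%s%s", (int)p->pid, p->cmd,
             show ? " " : "", show ? p->env : "");
    return show;
}

/* Number of output lines for this caller that contain `needle`. */
static int count_exposed(uid_t caller_ruid, const char *needle)
{
    char buf[256];
    int n = 0;
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        format_line(buf, sizeof buf, caller_ruid, &sample[i]);
        n += strstr(buf, needle) != NULL;
    }
    return n;
}

int main(void)
{
    printf("DBPASS lines: uid 1002=%d uid 1001=%d root=%d\n", count_exposed(1002, "DBPASS="),
           count_exposed(1001, "DBPASS="), count_exposed(0, "DBPASS="));
    return 0;
}
```

With the sample table, uid 1002 no longer sees the DBPASS entry, while uid 1001 and root still do.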

