From owner-freebsd-current  Tue Nov 16  9:26:35 1999
Delivered-To: freebsd-current@freebsd.org
Received: from yana.lemis.com (yana.lemis.com [192.109.197.140])
	by hub.freebsd.org (Postfix) with ESMTP id 91A8F15263
	for <current@FreeBSD.ORG>; Tue, 16 Nov 1999 09:26:22 -0800 (PST)
	(envelope-from grog@mojave.sitaranetworks.com)
Received: from mojave.sitaranetworks.com (mojave.sitaranetworks.com [199.103.141.157])
	by yana.lemis.com (8.8.8/8.8.8) with ESMTP id DAA22549;
	Wed, 17 Nov 1999 03:56:06 +1030 (CST)
	(envelope-from grog@mojave.sitaranetworks.com)
Message-ID: <19991116122529.27283@mojave.sitaranetworks.com>
Date: Tue, 16 Nov 1999 12:25:29 -0500
From: Greg Lehey <grog@mojave.sitaranetworks.com>
To: Matthew Dillon <dillon@apollo.backplane.com>,
	Garance A Drosihn <drosih@rpi.edu>
Cc: Lyndon Nerenberg <lyndon@orthanc.ab.ca>, current@FreeBSD.ORG
Subject: Re: ps -e
Reply-To: Greg Lehey <grog@lemis.com>
References: <199911152248.dAFMmaQ18726@orthanc.ab.ca> <v04210102b4564d03f393@[128.113.24.47]> <199911160027.QAA46037@apollo.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <199911160027.QAA46037@apollo.backplane.com>; from Matthew Dillon on Mon, Nov 15, 1999 at 04:27:12PM -0800
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Monday, 15 November 1999 at 16:27:12 -0800, Matthew Dillon wrote:
> :>    Matthew>     Why don't we get rid of the 'e' option to ps while we
> :>    Matthew> are at it considering how much of a security hole it is.
> :>
> :>I wouldn't nuke it completely. Make -e a noop unless the real uid ps
> :>is running with matches the effective uid of the process being reported.
> :>And if ps is invoked with a real uid of 0, -e works as it does now.
> :
> :I'd favor something like this.  The unixes I am most used to did not
> :have '-e' as an option, and I had two immediate reactions when I found
> :freebsd's did:
> :    1) wow, this is great for debugging a problem I'm having
> :    2) yikes, what a security exposure!  (I have some scripts
> :       where a password is passed from one script to another
> :       one via an environment variable...)
>
>     Yes, or by 'root'.  Personally, I would like to see the option removed
>     entirely.  I don't think a half-measure would improve the security
>     problem much.
>
> :So, I'd like to have it for debugging my own processes, but
> :...
> :Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
>
>     gdb.
>
>     I shudder to think that people might actually start depending on this
>     non-feature.  Better for it to just go away.

Looks like another case for a config knob.

Greg
--
Finger grog@lemis.com for PGP public key
See complete headers for address and phone numbers


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message