Date: Wed, 10 Oct 2001 13:39:24 -0400 From: Garance A Drosihn <drosih@rpi.edu> To: Dag-Erling Smorgrav <des@ofug.org>, Robert Watson <rwatson@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_proc.c kern_prot.c uipc_socket.c uipc_usrreq.c src/sys/netinet raw_ip.c tcp_subr.c udp_usrreq.c Message-ID: <p05101003b7ea36e1237a@[128.113.24.47]> In-Reply-To: <xzp7ku3h6c8.fsf@flood.ping.uio.no> References: <200110092140.f99LeVA74145@freefall.freebsd.org> <xzp7ku3h6c8.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
At 5:17 PM +0200 10/10/01, Dag-Erling Smorgrav wrote: >Robert Watson <rwatson@FreeBSD.org> writes: >> Log: >> - Combine kern.ps_showallprocs and kern.ipc.showallsockets into >> a single kern.security.seeotheruids_permitted, describes as: > > "Unprivileged processes may see subjects/objects with > > different real uid" > >Would people mind a lot if this variable defaulted to 0? I would mind a lot. I think this is a very good option to have for security/privacy reasons, but the default behavior should remain the way it is. There are tooooooooooo many times where it is very helpful if someone who has no special priv's can see what processes are running. Changing the default would make freebsd gratuitously different from all the other unix-y systems that I run on. -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p05101003b7ea36e1237a>