Date: Wed, 10 Oct 2001 12:41:40 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Dag-Erling Smorgrav <des@ofug.org> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, <cvs-committers@FreeBSD.org>, <cvs-all@FreeBSD.org> Subject: Re: cvs commit: src/sys/kern kern_proc.c kern_prot.c uipc_socket.c uipc_usrreq.c src/sys/netinet raw_ip.c tcp_subr.c udp_usrreq.c Message-ID: <20011010123813.U23388-100000@achilles.silby.com> In-Reply-To: <xzpy9mjfq4z.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10 Oct 2001, Dag-Erling Smorgrav wrote: > Garrett Wollman <wollman@khavrinen.lcs.mit.edu> writes: > > <<On 10 Oct 2001 17:17:59 +0200, Dag-Erling Smorgrav <des@ofug.org> said: > > > > "Unprivileged processes may see subjects/objects with different real uid" > > > Would people mind a lot if this variable defaulted to 0? > > Hell yes. > > That's not a constructive response. > > To me, the ability of unprivileged users to obtain information about > other users' processes and sockets is a) Normal to most (all?) unixes. You're going to confuse a lot of people if you disable it by default. Don't get me wrong, being able to hide the information is a great feature, and should be used on shell servers and the like. However, it's not a good default. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011010123813.U23388-100000>