Date: Mon, 15 Jul 2002 21:33:24 +0700 From: Alexey Dokuchaev <danfe@regency.nsu.ru> To: Robert Watson <rwatson@freebsd.org> Cc: David Malone <dwmalone@maths.tcd.ie>, Luigi Rizzo <luigi@freebsd.org>, Giorgos Keramidas <keramida@freebsd.org>, cvs-committers@freebsd.org, cvs-all@freebsd.org Subject: Re: cvs commit: src/usr.bin/talk display.c talk.1 talk.c Message-ID: <20020715213324.B53266@regency.nsu.ru> In-Reply-To: <Pine.NEB.3.96L.1020714123154.25880D-100000@fledge.watson.org>; from rwatson@freebsd.org on Sun, Jul 14, 2002 at 12:33:20PM -0400 References: <20020714153536.GA97536@walton.maths.tcd.ie> <Pine.NEB.3.96L.1020714123154.25880D-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jul 14, 2002 at 12:33:20PM -0400, Robert Watson wrote: > > > > "ps" and friends are full of privacy violation, as they allow > > > unprivileged users to peek at what others are doing by liberally > > > showing program arguments (though they can be hidden by setproctitle, > > > but almost nobody does that) and program names (which cannot even > > > be hidden). Why, all you need to do under -STABLE is: * sysctl kern.ps_showallprocs=0 * umount /proc The latter is needed since procfs is mounted by default, and any user clever enough to write a simple /proc tracer can easily figure out what programs (along with their parameters) a box is running at any moment. > > > > > > I think this part should be seriously revised > > > (you in Bcc, are you listening ? :) > > > > Isn't this what kern.ps_showallprocs is for? I've always considered ps > > and w showing what other people are doing a good way for users to learn > > new commands. Yes, maybe. In a perfect world only. Otherwise (as what we have) the Net (and even local inbounds, speaking of local users) is a very hostile environment, thus giving very little tolerance for "ps" and "w" methods as learning facilities. Believe me, I'm far not happy with this, but we all have to face the reality. The better one secures his/her box, the higher chances that [s]he will survive. *sigh* > > kern.ps_showallprocs in -stable was simply a mib setting to tell ps to > ignore other users. security.bsd.see_other_uids is a kernel-enforced Not only ps, but any proggy that makes use of kvm* API. And that includes w, ps, top, and others. Unless you have procfs mounted, I see no other way to figure general processes information out, provided that kern.ps_showallprocs is set to 0. > limit that affects the sysctls supporting ps, procfs, debugging, > signalling, socket information sharing, etc. I.e., it actually works. Of course, as we all understand, security.bsd.see_other_uids is far a better solution, however, kern.ps_showallprocs does a pretty good job right now (as in -STABLE). ./danfe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020715213324.B53266>