From owner-freebsd-current  Mon Aug 11 08:45:17 1997
Return-Path: <owner-freebsd-current>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id IAA10987
          for current-outgoing; Mon, 11 Aug 1997 08:45:17 -0700 (PDT)
Received: from kithrup.com (kithrup.com [205.179.156.40])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id IAA10966;
          Mon, 11 Aug 1997 08:45:12 -0700 (PDT)
Received: (from sef@localhost) by kithrup.com (8.6.8/8.6.6) id IAA08497; Mon, 11 Aug 1997 08:45:00 -0700
Date: Mon, 11 Aug 1997 08:45:00 -0700
From: Sean Eric Fagan <sef@Kithrup.COM>
Message-Id: <199708111545.IAA08497@kithrup.com>
To: ache@nagual.pp.ru, bde@zeta.org.au
Subject: Re: procfs patch
Cc: current@FreeBSD.ORG, security@FreeBSD.ORG
Sender: owner-freebsd-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>Just close the procfs file descriptors on exec?

I thought about doing that.  But I decided it was both too invasive, and too
bothersome -- a root process would gets its fd's close, and it probably
shouldn't.

As I said, what I've got now should provide no more risks than dumping core
does.  Well, it allows for some greater control -- my truss program is not
SUID root, and needs to be able to read process memory.  But since the
process should be owned by the user, I don't have a problem with it.

Sean.