From owner-cvs-all Mon Jul 15 16:18:13 2002 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C17637B400; Mon, 15 Jul 2002 16:18:08 -0700 (PDT) Received: from mail.nsu.ru (mx.nsu.ru [193.124.215.71]) by mx1.FreeBSD.org (Postfix) with ESMTP id BA20943E58; Mon, 15 Jul 2002 16:18:00 -0700 (PDT) (envelope-from danfe@regency.nsu.ru) Received: from drweb by mail.nsu.ru with drweb-scanned (Exim 3.20 #1) id 17U6vh-0000Ay-00; Mon, 15 Jul 2002 21:34:25 +0700 Received: from regency.nsu.ru ([193.124.210.26]) by mail.nsu.ru with esmtp (Exim 3.20 #1) id 17U6vh-0000Am-00; Mon, 15 Jul 2002 21:34:25 +0700 Received: from regency.nsu.ru (localhost [127.0.0.1]) by regency.nsu.ru (8.12.4/8.12.4) with ESMTP id g6FEXXnP063498; Mon, 15 Jul 2002 21:33:33 +0700 (NOVST) (envelope-from danfe@regency.nsu.ru) Received: (from danfe@localhost) by regency.nsu.ru (8.12.4/8.12.4/Submit) id g6FEXOTj063431; Mon, 15 Jul 2002 21:33:24 +0700 (NOVST) Date: Mon, 15 Jul 2002 21:33:24 +0700 From: Alexey Dokuchaev To: Robert Watson Cc: David Malone , Luigi Rizzo , Giorgos Keramidas , cvs-committers@freebsd.org, cvs-all@freebsd.org Subject: Re: cvs commit: src/usr.bin/talk display.c talk.1 talk.c Message-ID: <20020715213324.B53266@regency.nsu.ru> References: <20020714153536.GA97536@walton.maths.tcd.ie> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from rwatson@freebsd.org on Sun, Jul 14, 2002 at 12:33:20PM -0400 X-Envelope-To: rwatson@freebsd.org, dwmalone@maths.tcd.ie, luigi@freebsd.org, keramida@freebsd.org, cvs-committers@freebsd.org, cvs-all@freebsd.org Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Jul 14, 2002 at 12:33:20PM -0400, Robert Watson wrote: > > > > "ps" and friends are full of privacy violation, as they allow > > > unprivileged users to peek at what others are doing by liberally > > > showing program arguments (though they can be hidden by setproctitle, > > > but almost nobody does that) and program names (which cannot even > > > be hidden). Why, all you need to do under -STABLE is: * sysctl kern.ps_showallprocs=0 * umount /proc The latter is needed since procfs is mounted by default, and any user clever enough to write a simple /proc tracer can easily figure out what programs (along with their parameters) a box is running at any moment. > > > > > > I think this part should be seriously revised > > > (you in Bcc, are you listening ? :) > > > > Isn't this what kern.ps_showallprocs is for? I've always considered ps > > and w showing what other people are doing a good way for users to learn > > new commands. Yes, maybe. In a perfect world only. Otherwise (as what we have) the Net (and even local inbounds, speaking of local users) is a very hostile environment, thus giving very little tolerance for "ps" and "w" methods as learning facilities. Believe me, I'm far not happy with this, but we all have to face the reality. The better one secures his/her box, the higher chances that [s]he will survive. *sigh* > > kern.ps_showallprocs in -stable was simply a mib setting to tell ps to > ignore other users. security.bsd.see_other_uids is a kernel-enforced Not only ps, but any proggy that makes use of kvm* API. And that includes w, ps, top, and others. Unless you have procfs mounted, I see no other way to figure general processes information out, provided that kern.ps_showallprocs is set to 0. > limit that affects the sysctls supporting ps, procfs, debugging, > signalling, socket information sharing, etc. I.e., it actually works. Of course, as we all understand, security.bsd.see_other_uids is far a better solution, however, kern.ps_showallprocs does a pretty good job right now (as in -STABLE). ./danfe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message