Date: Fri, 18 Sep 1998 00:21:11 -0500 (CDT) From: Joel Ray Holveck <joelh@gnu.org> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: Joel Ray Holveck <joelh@gnu.org>, Andrzej Bialecki <abial@nask.pl>, freebsd-current@FreeBSD.ORG Subject: Re: Limit 'ps' to show only user's processes Message-ID: <199809180521.AAA03520@detlev.UUCP> In-Reply-To: <Pine.BSF.3.96.980917231235.7181A-100000@fledge.watson.org> References: <Pine.BSF.3.96.980917231235.7181A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>>> Several people have been asking for this "feature" from time to time, >>> namely that they could set a system variable (sysctl?) to limit 'ps' to >>> show not all processes, but only user's processes for euid!=0. >>> Would you consider this something worth implementing? >> This belongs as a switch to ps, not as a sysctl variable. > I agreed until we started with this 'procfs' thing. With ps sgid kmem and > pulling data from /dev/kmem, the appropriate place to put the limit was in > ps. With /procfs (and presumably a similar desire to limit data leaking), > presumably the kernel would also be involved in limiting the spread of > info. Perhaps we can get ps to only use procfs and that would be far more > desirable than this kmem approach. I guess one would also have to either > limit top, or have top use procfs. Good point, thanks for reminding me (even though my "switch" comment was based on an incorrect assumption). I agree, and add that a sysctl variable or kernel variable to set the permissions for procfs-directories to 500 may be doable. But, as somebody said, -security has work in this direction. Best, joelh -- Joel Ray Holveck - joelh@gnu.org - http://www.wp.com/piquan Fourth law of programming: Anything that can go wrong wi sendmail: segmentation violation - core dumped To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809180521.AAA03520>