From owner-freebsd-security Tue Nov 23 19:16:24 1999
Delivered-To: freebsd-security@freebsd.org
Received: from forrie.net (forrie.net [216.67.12.69])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9BDD415188; Tue, 23 Nov 1999 19:16:12 -0800 (PST)
	(envelope-from forrie@forrie.com)
Received: from Forrest (getbent@forrie.ne.mediaone.net [24.128.72.15])
	by forrie.net (8.9.3/8.9.3) with ESMTP id WAA04353;
	Tue, 23 Nov 1999 22:14:46 -0500 (EST)
Message-Id: <4.2.2.19991123220915.00ab0c00@216.67.12.69>
X-Sender: forrie@216.67.12.69
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Tue, 23 Nov 1999 22:10:44 -0500
To: freebsd-current@FreeBSD.ORG
From: Forrest Aldrich
Subject: Re: ps on 4.0-current
Cc: security@FreeBSD.ORG
In-Reply-To: <31375.943401255@critter.freebsd.dk>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I seem to recall that conversation here in the mailing list. How about
a system configuration variable that determines what info like ps (and
friends) can access?

Personally, I would just prefer to leave it be. There are too many
other potential problems with scripts and such that depend upon the
info PS provides.

*shrug* :)

_F

At 12:54 AM 11/24/99 +0100, Poul-Henning Kamp wrote:
>In message <199911232352.XAA01547@hak.lan.Awfulhak.org>, Brian Somers writes:
> >> In the last episode (Nov 23), Brian Somers said:
> >> > $ ps jtva
> >> > USER   PID  PPID  PGID   SESS JOBC STAT  TT       TIME COMMAND
> >> > root   222     1   222 9dac40    0 Is+   va    0:00.01 (getty)
> >> > $ sudo ps jtva
> >> > USER   PID  PPID  PGID   SESS JOBC STAT  TT       TIME COMMAND
> >> > root   222     1   222 9dac40    0 Is+   va    0:00.01 /usr/libexec/getty Pc tt
> >> > $ head -1 /etc/motd
> >> > FreeBSD 4.0-CURRENT (HAK) #9: Mon Nov 22 01:09:55 GMT 1999
> >> >
> >> > This looks a bit wrong....
> >>
> >> Now that does look weird. After a bit more investigation, it looks
> >> like you can only get the full commandline of your own processes. Root
> >> can see all commandlines.
> >
> >Any comments Poul ? Is this anything to do with the recent command
> >line buffering ?
>
>Yes, I changed it to this behaviour at warners asking (I think he had
>the security-meister hard-hat on at the time).
>
>I'm personally leaning towards the opinion that the argv is public
>property and should be visible, but then again, I can see the point
>in hiding it in some circumstances.
>
>I'll stick a sysctl in there which defaults to the "open" position
>and people who need to hide it can set it to "close" to do so.
>
>Will this satisfy everybody ?
>
>Warner ?
>
>--
>Poul-Henning Kamp FreeBSD coreteam member
>phk@FreeBSD.ORG "Real hackers run -current on their laptop."
>FreeBSD -- It will take a long time before progress goes too far!


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message