Date: Wed, 24 Nov 1999 01:01:33 -0700 From: Warner Losh <imp@village.org> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: ps on 4.0-current Message-ID: <199911240801.BAA19058@harmony.village.org> In-Reply-To: Your message of "Wed, 24 Nov 1999 00:54:15 %2B0100." <31375.943401255@critter.freebsd.dk> References: <31375.943401255@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <31375.943401255@critter.freebsd.dk> Poul-Henning Kamp writes: : Warner ? Like I've said in private mail to many different people on this issue, there needs to be a sysctl which controls this, and it needs to be open by default. There are many cases where unwanted information is disclosed inadvertantly by these arguments. It invades the privacy of the users to do so. I don't want anybody to find out that I'm sending mail to joe@greco.com because they can see my ps args, for example, or that my chat script is doing stupid things and putting the password on the command line. or if I'm aiding law enforcement looking for the string "SecreTTWarEzz" to see who is posting them from my machine, I don't want anyone to know what I'm looking for. People generally take care to not include sensitive information on the command line, but sometimes this can't be helped. Not all will agree with this, and it is a change from the past so there needs to be a sysctl to control this. And given that it is a radical change from the past, it needs to default to open. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911240801.BAA19058>