Date: Sun, 14 Jul 2002 12:33:20 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: David Malone <dwmalone@maths.tcd.ie> Cc: Luigi Rizzo <luigi@FreeBSD.org>, Giorgos Keramidas <keramida@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/talk display.c talk.1 talk.c Message-ID: <Pine.NEB.3.96L.1020714123154.25880D-100000@fledge.watson.org> In-Reply-To: <20020714153536.GA97536@walton.maths.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 14 Jul 2002, David Malone wrote: > On Sun, Jul 14, 2002 at 08:25:43AM -0700, Luigi Rizzo wrote: > > > Damn. Now I can't use ps/who to find out who's talking to whom! > > > > but you can still see that they are using "talk". > > You can still figure out who is talking to who with netstat and fstat > I'd guess? The see_other_uids sysctl limits netstat information also. Haven't looked at fstat -- once it uses sysctl, it should be easy to implement. > > "ps" and friends are full of privacy violation, as they allow > > unprivileged users to peek at what others are doing by liberally > > showing program arguments (though they can be hidden by setproctitle, > > but almost nobody does that) and program names (which cannot even > > be hidden). > > > > I think this part should be seriously revised > > (you in Bcc, are you listening ? :) > > Isn't this what kern.ps_showallprocs is for? I've always considered ps > and w showing what other people are doing a good way for users to learn > new commands. kern.ps_showallprocs in -stable was simply a mib setting to tell ps to ignore other users. security.bsd.see_other_uids is a kernel-enforced limit that affects the sysctls supporting ps, procfs, debugging, signalling, socket information sharing, etc. I.e., it actually works. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1020714123154.25880D-100000>