Date: Sun, 14 Jul 2002 12:33:20 -0400 (EDT)
From: Robert Watson
To: David Malone
Cc: Luigi Rizzo, Giorgos Keramidas, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/talk display.c talk.1 talk.c
In-Reply-To: <20020714153536.GA97536@walton.maths.tcd.ie>

On Sun, 14 Jul 2002, David Malone wrote:

> On Sun, Jul 14, 2002 at 08:25:43AM -0700, Luigi Rizzo wrote:
> > > Damn. Now I can't use ps/who to find out who's talking to whom!
> >
> > but you can still see that they are using "talk".
>
> You can still figure out who is talking to who with netstat and fstat
> I'd guess?

The see_other_uids sysctl limits netstat information also. Haven't looked
at fstat -- once it uses sysctl, it should be easy to implement.

> > "ps" and friends are full of privacy violation, as they allow
> > unprivileged users to peek at what others are doing by liberally
> > showing program arguments (though they can be hidden by setproctitle,
> > but almost nobody does that) and program names (which cannot even
> > be hidden).
> >
> > I think this part should be seriously revised
> > (you in Bcc, are you listening ? :)
>
> Isn't this what kern.ps_showallprocs is for? I've always considered ps
> and w showing what other people are doing a good way for users to learn
> new commands.

kern.ps_showallprocs in -stable was simply a mib setting to tell ps to
ignore other users. security.bsd.see_other_uids is a kernel-enforced
limit that affects the sysctls supporting ps, procfs, debugging,
signalling, socket information sharing, etc. I.e., it actually works.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories