Date:      Wed, 24 Nov 1999 09:01:20 -0700
From:      Warner Losh <imp@village.org>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject:   Re: ps on 4.0-current 
Message-ID:  <199911241601.JAA20734@harmony.village.org>
In-Reply-To: Your message of "Wed, 24 Nov 1999 09:11:20 +0100." <33189.943431080@critter.freebsd.dk>
References:  <33189.943431080@critter.freebsd.dk>  

In message <33189.943431080@critter.freebsd.dk> Poul-Henning Kamp writes:
: In message <199911240801.BAA19058@harmony.village.org>, Warner Losh writes:
: 
: >Not all will agree with this, and it is a change from the past so
: >there needs to be a sysctl to control this.  And given that it is a
: >radical change from the past, it needs to default to open.
: 
: Now, I can't tell if you wore the security-master hard-hat in this
: email or not, and I see some quite divergent Australian positions,
: so I will sit tight until I see a little bit more of a consensus.

It was with my hat on, but lemme explain a little how I got here.

Before the recent changes to ps, procfs used to not disclose the
command line.  When it was modified to be used with a ps that didn't
need to be set[gu]id it lost this.  I wanted to see it restored for
those people that had depended on this, but realized that it would be
unpopular (and unnecessary) for many people.  As part of the change to
restore the behavior, I wanted the sysctl.  Now that it is half there,
I'd like the other half to complete the picture.

The reason that it was a big deal to me was that on the old system if
you turned off the setuidness of ps, w, et al you would block
disclosure of args/env vars, etc, but still have access to process
lists.  With the change, there was no way to do this which represented
a weakening of the overall system on the whole, despite the strength
added by taking the setgid bit off ps.

sef has sent me patches that I've not had a chance to review that
appear to implement this.

Warner
