Date: Wed, 24 Nov 1999 09:12:02 -0700
From: Warner Losh <imp@village.org>
To: Peter Wemm <peter@netplex.com.au>
Cc: Poul-Henning Kamp <phk@critter.freebsd.dk>, freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: ps on 4.0-current
Message-ID: <199911241612.JAA20799@harmony.village.org>
In-Reply-To: Your message of "Wed, 24 Nov 1999 17:05:23 +0800." <19991124090523.9689C1C6D@overcee.netplex.com.au>
References: <19991124090523.9689C1C6D@overcee.netplex.com.au>
In message <19991124090523.9689C1C6D@overcee.netplex.com.au> Peter Wemm writes:
: For example, in "workstation" mode, the reasonable default is "open",
: because typically there is one user on the box (other than root) and that
: person has root access. Excessively hiding info from that user just means
: that they'll have to use root more, or will give up the idea of using a mortal
: user entirely and run everything as root (a Really Bad idea, think of Windoze
: and viruses etc etc).

True.

: In a dedicated server role, again it might be appropriate to default
: it to "open" (dedicated server being something like a squid box),
: again there will be a couple of sysadmin type users or people who
: have to monitor things. Hiding information gains nothing there
: either.

I disagree with this, but that is because I've rarely seen a totally dedicated server. A simple fileserver that does nothing else would want to be open in this respect since few people have accounts.

: In other roles, including something like a shell server box with presumably
: hostile users (you reasonably have to assume this), you want everything you
: possibly can to be locked down.

Firewall, dialup boxes, dns servers, etc are good candidates to be locked down.

: Oh for ACL's, privilege attributes, etc. It would solve this sort of thing
: nicely so that you could allow admin users to see what's going on
: (including a ps -ax and see what the users are running) without having to
: constantly (ab)use root and the dangers of overusing that.

sef suggested this be a procfs mount option. I think I like this more than the sysctl option, but I don't have a strong opinion either way (sysctl is more like most of the rest of the system, while a mount option would be harder to change on the fly). Having it be a mount option would make it possible to have a GID that the files are "owned" by that could be 'operator' so that operators can see the args, and possibly other things.
Warner
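As an added illustration, not code from this thread or from FreeBSD's procfs, the following Python models the "open" versus "locked" policy discussed above as ordinary Unix permission bits on procfs-style per-process entries, each owned by the process owner and group-owned by an assumed 'operator' gid. The uids, gids, modes and process list are constructed for the example; the choice to blank the argument list rather than hide the process entirely is also an assumption of this model.

```python
"""Toy model: per-process entries owned by the process uid, group 'operator',
with a policy mode that decides who may read the argument list.

Everything here is constructed for illustration (uids, gids, modes, processes).
"""
import stat
from dataclasses import dataclass

ROOT_UID = 0
OPERATOR_GID = 5  # assumed gid for the 'operator' group in this example


@dataclass(frozen=True)
class Process:
    pid: int
    uid: int
    args: str


@dataclass(frozen=True)
class Viewer:
    uid: int
    gids: frozenset


# The two settings from the thread, expressed as the mode of each entry:
#   open   -> world readable (workstation / dedicated server)
#   locked -> readable only by the owner and the operator group (shell server)
POLICY_MODES = {
    "open": 0o444,
    "locked": 0o440,
}


def entry_mode(policy):
    """Mode bits an entry would carry under the given policy."""
    return POLICY_MODES[policy]


def can_read(viewer, owner_uid, group_gid, mode):
    """Standard Unix discretionary read check: root, then owner, group, other."""
    if viewer.uid == ROOT_UID:
        return True
    if viewer.uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if group_gid in viewer.gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def visible_args(viewer, procs, policy, group_gid=OPERATOR_GID):
    """Map pid -> args as this viewer would see them; None means args hidden."""
    mode = entry_mode(policy)
    seen = {}
    for p in procs:
        seen[p.pid] = p.args if can_read(viewer, p.uid, group_gid, mode) else None
    return seen


# Constructed sample data: a root daemon and two ordinary users' processes.
PROCS = [
    Process(pid=100, uid=ROOT_UID, args="sshd"),
    Process(pid=200, uid=1001, args="vi notes.txt"),
    Process(pid=300, uid=1002, args="ssh -l bob host"),
]

ROOT = Viewer(uid=ROOT_UID, gids=frozenset({0}))
ALICE = Viewer(uid=1001, gids=frozenset({1001}))
BOB = Viewer(uid=1002, gids=frozenset({1002}))
# An operator is a mortal user who is also in the 'operator' group.
OPERATOR = Viewer(uid=1003, gids=frozenset({1003, OPERATOR_GID}))


if __name__ == "__main__":
    for policy in POLICY_MODES:
        for name, who in (("alice", ALICE), ("operator", OPERATOR), ("root", ROOT)):
            print(policy, name, visible_args(who, PROCS, policy))
```

Under "open" every viewer sees every argument list; under "locked" alice still sees her own process, the operator (via the group bit) and root see everything, and bob's arguments are blanked for alice. Making the group configurable per mount is what lets the operator case work without handing out root.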