From owner-freebsd-current Mon Nov 15 16:27:18 1999 Delivered-To: freebsd-current@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 8099E14F20 for ; Mon, 15 Nov 1999 16:27:16 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id QAA46037; Mon, 15 Nov 1999 16:27:12 -0800 (PST) (envelope-from dillon) Date: Mon, 15 Nov 1999 16:27:12 -0800 (PST) From: Matthew Dillon Message-Id: <199911160027.QAA46037@apollo.backplane.com> To: Garance A Drosihn Cc: Lyndon Nerenberg , current@FreeBSD.ORG Subject: Re: ps -e References: <199911152248.dAFMmaQ18726@orthanc.ab.ca> Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG :> Matthew> Why don't we get rid of the 'e' option to ps while we :> Matthew> are at it considering how much of a security hole it is. :> :>I wouldn't nuke it completely. Make -e a noop unless the real uid ps :>is running with matches the effective uid of the process being reported. :>And if ps is invoked with a real uid of 0, -e works as it does now. : :I'd favor something like this. The unixes I am most used to did not :have '-e' as an option, and I had two immediate reactions when I found :freebsd's did: : 1) wow, this is great for debugging a problem I'm having : 2) yikes, what a security exposure! (I have some scripts : where a password is passed from one script to another : one via an environment variable...) Yes, or by 'root'. Personally, I would like to see the option removed entirely. I don't think a half-measure would improve the security problem much. :So, I'd like to have it for debugging my own processes, but :... :Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu gdb. I shudder to think that people might actually start depending on this non-feature. Better for it to just go away. -Matt -Matt Matthew Dillon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message