From owner-freebsd-ports Tue Aug 3 16:48:44 1999
Delivered-To: freebsd-ports@freebsd.org
Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [169.237.7.38])
	by hub.freebsd.org (Postfix) with ESMTP id B139015163
	for ; Tue, 3 Aug 1999 16:48:42 -0700 (PDT)
	(envelope-from obrien@NUXI.com)
Received: from dragon.nuxi.com (iras-4-95.ucdavis.edu [169.237.17.223])
	by relay.nuxi.com (8.9.3/8.9.3) with ESMTP id QAA71570
	for ; Tue, 3 Aug 1999 16:48:20 -0700 (PDT)
	(envelope-from obrien@dragon.nuxi.com)
Received: (from obrien@localhost)
	by dragon.nuxi.com (8.9.3/8.9.1) id QAA38716
	for ports@freebsd.org; Tue, 3 Aug 1999 16:48:18 -0700 (PDT)
	(envelope-from obrien)
Date: Tue, 3 Aug 1999 16:46:01 -0700
From: "David O'Brien"
To: ports@freebsd.org
Subject: (FWD) HASSECURITY too secure?
Message-ID: <19990803164601.A38693@dragon.nuxi.com>
Reply-To: obrien@NUXI.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
X-Operating-System: FreeBSD 4.0-CURRENT
Organization: The NUXI BSD group
X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Keyid: 34F9F9D5
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

What are people's opinions on this issue concerning LSOF?

----- Forwarded message from Vic Abell -----

Date: Tue, 3 Aug 1999 08:06:39 -0500
Subject: HASSECURITY too secure?

Recently Craig Leres wrote this:

>
> I've noticed that if I am in group kmem and run a non-setuid lsof
> binary, I can only look at processes owned by me. It seems like
> this restriction should only apply when running set user or group
> id, don't you think? Please consider the appended patch.

I gave it some thought over the course of further e-mail exchanges
with Craig and his colleague, Jef Poskanzer, and decided to decline
to make the changes Craig requested. Since Craig and Jef remain
unconvinced that my position is correct, I thought I'd put the
question to you readers of lsof-l to get your thoughts and opinions.

Craig's position is stated in the above citation. My position is
that HASSECURITY functions exactly as described in 00README and the
change Craig proposes would affect people who rely on the documented
HASSECURITY behavior. 00README says:

    If the symbol HASSECURITY is defined, a security mode is enabled,
    and lsof will allow only the root user to list all open files.
    Non-root users may list only open files whose processes have the
    same user ID as the real user ID of the lsof process (the one
    that its user logged on with).

I know there are ports packages (e.g., FreeBSD and maybe Debian
Linux) that patch machine.h to activate HASSECURITY, and I'm not
comfortable changing the effect of HASSECURITY because of them.

What could be done, given sufficient interest in such a feature,
would be to establish a new HASSECURITY level (or a new feature
definition altogether) that would do what Craig and Jef want. I
think that doing so would probably take more effort to change
peripheral pieces and documentation than the basic changes Craig has
supplied, and I'm not yet convinced I should spend time on it.

A minor objection is that the change would be slightly different for
the lsof implementations (/proc-based Linux, Pyramid DC/OSx, and
Pyramid Reliant UNIX) that already need root permission. In both
cases, the change would have to determine if the executing process
had other permissions (i.e., access to /dev/kmem or read permission
to /proc files) that made continuing past the traditional
HASSECURITY block practical.

So what do you think? Is such a change worth considering and
spending (my) time and effort? If you think a change would be
useful, what should be changed; should HASSECURITY be changed the
way Craig suggests; or should there be a new security option?

Vic

----- End forwarded message -----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
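
The two behaviors debated in the message above can be compared side by side in a small C model. This is an added example, not lsof source and not Craig's patch (which is not reproduced on this page); the names policy, creds, running_setid, caller_can_read and may_list are hypothetical, and the UIDs/GIDs in main are constructed sample values.

```c
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical model; not taken from lsof or from the proposed patch. */
enum policy {
    POLICY_DOCUMENTED,  /* 00README: only root may list all open files */
    POLICY_SETID_ONLY   /* proposal: restrict only when running set-id */
};

struct creds {
    uid_t ruid, euid;   /* real and effective user ID */
    gid_t rgid, egid;   /* real and effective group ID */
};

/* True when a set-user-ID or set-group-ID bit changed the process IDs. */
int running_setid(const struct creds *c)
{
    return c->ruid != c->euid || c->rgid != c->egid;
}

/* access(2) checks with the real UID/GID, so this answers whether the
 * invoking user could read the path without any set-id help, e.g.
 * /dev/kmem through membership in group kmem. */
int caller_can_read(const char *path)
{
    return access(path, R_OK) == 0;
}

/* Return 1 if a process owned by proc_uid may be listed, else 0.
 * src_readable: result of caller_can_read() on the kernel data source. */
int may_list(enum policy p, const struct creds *c, uid_t proc_uid,
             int src_readable)
{
    if (c->ruid == 0)
        return 1;                 /* root lists everything under both */
    if (proc_uid == c->ruid)
        return 1;                 /* own processes: same real user ID */
    if (p == POLICY_SETID_ONLY && !running_setid(c))
        return src_readable;      /* file permissions are the only gate */
    return 0;                     /* documented HASSECURITY block */
}

int main(void)
{
    /* Constructed case: uid 1001 in group kmem, non-setuid binary,
     * looking at a process owned by uid 1002. */
    struct creds user = { 1001, 1001, 1001, 1001 };
    int documented = may_list(POLICY_DOCUMENTED, &user, 1002, 1);
    int proposed = may_list(POLICY_SETID_ONLY, &user, 1002, 1);
    return (documented == 0 && proposed == 1) ? 0 : 1;
}
```

A real caller would pass caller_can_read("/dev/kmem"), or the equivalent check on /proc files, as src_readable; that is the extra permission test Vic says the change would need.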