From owner-freebsd-current Tue Nov 16 4:58:44 1999 Delivered-To: freebsd-current@freebsd.org Received: from overcee.netplex.com.au (overcee.netplex.com.au [202.12.86.7]) by hub.freebsd.org (Postfix) with ESMTP id A9B2114D83 for ; Tue, 16 Nov 1999 04:58:32 -0800 (PST) (envelope-from peter@netplex.com.au) Received: from netplex.com.au (localhost [127.0.0.1]) by overcee.netplex.com.au (Postfix) with ESMTP id 9ED091CA0; Tue, 16 Nov 1999 20:58:29 +0800 (WST) (envelope-from peter@netplex.com.au) X-Mailer: exmh version 2.0.2 2/24/98 To: Poul-Henning Kamp Cc: Sheldon Hearn , Matthew Dillon , current@FreeBSD.ORG Subject: Re: PATCH for testing In-reply-to: Your message of "Tue, 16 Nov 1999 10:17:44 +0100." <24359.942743864@critter.freebsd.dk> Date: Tue, 16 Nov 1999 20:58:29 +0800 From: Peter Wemm Message-Id: <19991116125829.9ED091CA0@overcee.netplex.com.au> Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Poul-Henning Kamp wrote: > In message <45617.942743642@axl.noc.iafrica.com>, Sheldon Hearn writes: > > > > > >On Tue, 16 Nov 1999 07:19:52 +0100, Poul-Henning Kamp wrote: > > > >> > Why don't we get rid of the 'e' option to ps while we are at it > >> > considering how much of a security hole it is. > >> > >> Hmm, well, I like to have it around for root at least... > > > >Exactly. > > > >In a perfect world, the -e option will only allow inspection of the > >environment of processes for which the owner of the ps process has > >sufficient priveledge. > > Yes that makes sense, because if all comes to all they could attach > a debugger and find it that way anyway. If the command line is obtained other ways, then the easiest way to implement this should be to delay opening the mem file until it's required and turn off the setgid bit for the open. Or better yet, turn off setgid entirely and use sysctl and eproc for everything, but allow -e to work if the user could open /proc/*/mem.. Or something like that. Cheers, -Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message