Date: Thu, 13 Aug 1998 21:05:23 -0400
From: Louis Theran <k@yt.to>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Possible security "risk" in ftp client
Message-ID: <19980813210523.B14234@yt.to>
In-Reply-To: <Pine.BSF.3.96.980812192424.22664A-100000@Tyr.office.EFN.org>; from Ben on Wed, Aug 12, 1998 at 07:26:23PM -0700
References: <Pine.NEB.3.96.980812210035.27880A-100000@brooklyn.slack.net> <Pine.BSF.3.96.980812192424.22664A-100000@Tyr.office.EFN.org>
On Wed, Aug 12, 1998 at 07:26:23PM -0700, Ben wrote:
> Maybe I'm mistaken, but ps(1) gets the info from /dev/kmem and /dev/mem and
> formats them according to /kernel, what would I need to patch?

The code for procfs, I believe.

Anyway, the whole attitude of "fix ps and procfs and anything else that might expose argv or environ" is silly. There are plenty of ways for applications to get sensitive information such as passwords other than the command line or environment. There is no need to break ps or procfs. Fix the broken applications instead.

> > On Wed, 12 Aug 1998, Ben wrote:
> >
> > > For ps I made a patch that allows only root (or wheel, you pick) to use the
> > > flag '-a', otherwise the user attempting to use '-a' only gets his/her procs.

--
Louis Theran
"Te occidere possunt, sed te edere non possunt nefas quo est."
PGP welcome; key at: k-pgpkey@yt.to

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
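
One way an application can take a password without putting it in argv or environ, as an added example that is not part of the original message or of any FreeBSD code: read it from a file that only the invoking user can access. The helper name read_secret_file and the choice of a file as the delivery channel are assumptions made for this illustration.

```c
/* Added example: take a secret from a private file, never from argv/environ. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper. Reads the first line of `path` into `out`.
 * Returns 0 on success, -1 on any failure, including unsafe owner or mode. */
int read_secret_file(const char *path, char *out, size_t outlen)
{
    struct stat st;
    ssize_t n;
    int fd;

    if (outlen < 2)
        return -1;
    fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    /* fstat the descriptor we opened, so the check and the read see one file */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    n = read(fd, out, outlen - 1);
    close(fd);
    if (n <= 0)
        return -1;
    out[n] = '\0';
    out[strcspn(out, "\r\n")] = '\0';   /* keep only the first line */
    return 0;
}

int main(int argc, char **argv)
{
    char secret[128];

    /* argv carries only the file's path, which is all ps(1) or procfs can show */
    if (argc != 2 || read_secret_file(argv[1], secret, sizeof secret) != 0) {
        fprintf(stderr, "usage: %s secret-file (owned by you, mode 0600)\n", argv[0]);
        return 1;
    }
    printf("read a %zu-byte secret\n", strlen(secret));
    memset(secret, 0, sizeof secret);   /* best effort; a compiler may elide this */
    return 0;
}
```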