From owner-freebsd-current  Thu Nov 18 23:21:27 1999
Delivered-To: freebsd-current@freebsd.org
Received: from picalon.gun.de (picalon.gun.de [192.109.159.1])
	by hub.freebsd.org (Postfix) with ESMTP id 0F62415592
	for <current@FreeBSD.ORG>; Thu, 18 Nov 1999 23:21:18 -0800 (PST)
	(envelope-from andreas@klemm.gtn.com)
Received: from klemm.gtn.com (pppak04.gtn.com [194.231.123.169])
	by picalon.gun.de (8.9.3/8.9.3) with ESMTP id IAA14670;
	Fri, 19 Nov 1999 08:21:09 +0100 (MET)
Received: (from andreas@localhost)
	by klemm.gtn.com (8.9.3/8.9.3) id IAA02250;
	Fri, 19 Nov 1999 08:20:54 +0100 (CET)
	(envelope-from andreas)
Date: Fri, 19 Nov 1999 08:20:54 +0100
From: Andreas Klemm <andreas@klemm.gtn.com>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: Warner Losh <imp@village.org>,
	Alex Zepeda <jazepeda@pacbell.net>,
	Andreas Klemm <andreas@klemm.gtn.com>, David Greenman <dg@root.com>,
	Sean Eric Fagan <sef@kithrup.com>, current@FreeBSD.ORG
Subject: Re: PATCH for testing
Message-ID: <19991119082054.A840@titan.klemm.gtn.com>
References: <Pine.BSF.4.10.9911172341110.397-100000@localhost> <199911181924.MAA27434@harmony.village.org> <199911190104.RAA88682@apollo.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre1i
In-Reply-To: <199911190104.RAA88682@apollo.backplane.com>
X-Operating-System: FreeBSD 3.3-STABLE SMP
X-Disclaimer: A free society is one where it is safe to be unpopular
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Nov 18, 1999 at 05:04:20PM -0800, Matthew Dillon wrote:
>     I am all for removing -e, but I don't really like the idea of making
>     it optional nor do I like the idea of trying to maintain the capability
>     for the user's own processes - that simply makes the code even more
>     complex then it already is.  The danger is that the option exists in
>     the first place.

Though I respect your statement about code complexity I'm not for
removing the option, which has been available to the ps command
for such a long time and definitively is a useful debugging tool
(for root !). This would create a major difference to the other BSD's
which is not easily understandable.

"ps -e" and "ps -e -U" is useful for debugging purposes, so it
should simply be restricted to root as it has been done for 
putting a network device into promiscous mode or other things.

By simply removing it (without thinking about alternatives) I
think FreeBSD looses some points ... I thought we were the team
that doesn't do radical changes without a good reason ;-)

Security is a good reason. But simply removing it without restricting
it is in my opineon not a good style.

Another alternative to restricting it to root would be, to combine
it with the security level, that we can configure in rc.conf.

But that's only an idea, I personally don't like magic things to
happen, only because I raised a security level by one.

	Andreas ///


-- 
Andreas Klemm                                  http://www.FreeBSD.ORG/~andreas
                                     http://www.freebsd.org/~fsmp/SMP/SMP.html
                                   powered by Symmetric MultiProcessor FreeBSD
Get new songs from our band: http://www.freebsd.org/~andreas/64bits/index.html


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message