From owner-freebsd-current Sat Sep 11 13:16: 3 1999 Delivered-To: freebsd-current@freebsd.org Received: from overcee.netplex.com.au (overcee.netplex.com.au [202.12.86.7]) by hub.freebsd.org (Postfix) with ESMTP id C773914C29 for ; Sat, 11 Sep 1999 13:15:49 -0700 (PDT) (envelope-from peter@netplex.com.au) Received: from netplex.com.au (localhost [127.0.0.1]) by overcee.netplex.com.au (Postfix) with ESMTP id D87741CAE; Sun, 12 Sep 1999 04:15:47 +0800 (WST) (envelope-from peter@netplex.com.au) X-Mailer: exmh version 2.0.2 2/24/98 To: chris@calldei.com Cc: Blaz Zupan , freebsd-current@FreeBSD.ORG Subject: Re: ps doesn't need privileges? In-reply-to: Your message of "Sat, 11 Sep 1999 13:22:07 EST." <19990911132207.J906@holly.dyndns.org> Date: Sun, 12 Sep 1999 04:15:47 +0800 From: Peter Wemm Message-Id: <19990911201547.D87741CAE@overcee.netplex.com.au> Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Chris Costello wrote: > On Sun, Sep 12, 1999, Peter Wemm wrote: > > Now that I think about it, it shouldn't be too hard (TM) to finish off the > > /proc/pid/cmdline stuff so that ps didn't need to access /mem and didn't > > need setgid at all. > > What about the `e' flag? I'm of the opinion that this particular beastie should be restricted to seeing your own processes only (unless you're root). Implementing /proc/pid/cmdline (globally readable) and /proc/pid/environ (user, group kmem readable only), and turning off setgid kmem for ps. I've lost count of the number of things that want you to do things like: setenv CVSPASSWORD foo etc. Cheers, -Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message