From owner-freebsd-security Tue Aug 11 16:44:48 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA00212 for freebsd-security-outgoing; Tue, 11 Aug 1998 16:44:48 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from redfish.go2net.com (redfish.go2net.com [207.178.55.5]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id QAA00182 for ; Tue, 11 Aug 1998 16:44:43 -0700 (PDT) (envelope-from marcs@go2net.com) Received: from marcs by redfish.go2net.com with smtp (Exim 1.82 #2) id 0z6O48-0007MR-00; Tue, 11 Aug 1998 16:42:56 -0700 Date: Tue, 11 Aug 1998 16:42:56 -0700 (PDT) From: Marc Slemko X-Sender: marcs@redfish To: Garrett Wollman cc: freebsd-security@FreeBSD.ORG Subject: Re: Possible security "risk" in ftp client In-Reply-To: <199808112338.TAA14075@khavrinen.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 11 Aug 1998, Garrett Wollman wrote: > < said: > > > Naw, that is worse since you can just use ps to grab it; the reason it is > > worse is because it tends to lead to people leaving it set when they > > aren't actually using the program. > > I think there are good reasons (and this is one of them) to disable > the environment-dumping option of ps. Unfortunately it is probably > too well-entrenched to kill. I had totally forgotten about it until > this discussion began. It is a useful option. I routinely use it to exploit security holes. I also do use it sometimes for debugging. What may be worth considering is doing what Linux (and perhaps others...) do; ie. not allowing you to see the environment of other UIDs, just of your own processes. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message