From owner-freebsd-hackers Thu Sep 9 4:31:55 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from mpp.pro-ns.net (pppdsle45.mpls.uswest.net [216.160.23.45]) by hub.freebsd.org (Postfix) with ESMTP id 5244915041 for ; Thu, 9 Sep 1999 04:31:46 -0700 (PDT) (envelope-from mpp@mpp.pro-ns.net) Received: (from mpp@localhost) by mpp.pro-ns.net (8.9.3/8.9.3) id GAA04543; Thu, 9 Sep 1999 06:19:15 -0500 (CDT) (envelope-from mpp) From: Mike Pritchard Message-Id: <199909091119.GAA04543@mpp.pro-ns.net> Subject: Re: CS Project In-Reply-To: <19990908203812.A98739@holly.calldei.com> from Chris Costello at "Sep 8, 1999 08:38:12 pm" To: chris@calldei.com Date: Thu, 9 Sep 1999 06:19:15 -0500 (CDT) Cc: grios@ddsecurity.com.br (Gustavo V G C Rios), freebsd-hackers@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > On Wed, Sep 08, 1999, Gustavo V G C Rios wrote: > > Dear gentleman, > > > One clear example: > > No user(but only that ones previous allowed to) should be able to see > > other users process. This facility have to be done at kernel level, > > (that's what i think). > > Define "see". Access the memory? See that it is running? > View the argv list? I don't see how this would affect privacy. I used to work somewhere where we didn't wany any of the users to know anything about any other groups of users processes. We did this by restricting ps to only show other procs that had the same primary group as the person executing ps. Root and group wheel (or some equivalent) could always see all running procs. You could always go hunting through the file systems, but their own directory permissions were their problem, not ours. This was a computing center site with several Crays, where customer names were kept private, and we had companies that were in competition with each other using our machines. The competition didn't want each other even knowing what applications they were running, because that might give them some insight into what they were doing (keyword here: paranoid). We might have also hacked w/who/finger/last to never print the host names/addresses so no one could nslookup the addresses and really figure out where the customers were logging in from. This was to stop them from finding out the competition was also one of our customers. So I can see situations where this might be useful, I'm not sure that these types of customers are really going to ever be sharing a FreeBSD machine, but you never know. -Mike -- Mike Pritchard mpp@FreeBSD.org or mpp@mpp.pro-ns.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message