From owner-cvs-all Wed Oct 10 10:41:52 2001 Delivered-To: cvs-all@freebsd.org Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with ESMTP id 7941037B409 for ; Wed, 10 Oct 2001 10:41:42 -0700 (PDT) Received: (qmail 23800 invoked by uid 1000); 10 Oct 2001 17:41:40 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 10 Oct 2001 17:41:40 -0000 Date: Wed, 10 Oct 2001 12:41:40 -0500 (CDT) From: Mike Silbersack To: Dag-Erling Smorgrav Cc: Garrett Wollman , , Subject: Re: cvs commit: src/sys/kern kern_proc.c kern_prot.c uipc_socket.c uipc_usrreq.c src/sys/netinet raw_ip.c tcp_subr.c udp_usrreq.c In-Reply-To: Message-ID: <20011010123813.U23388-100000@achilles.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 10 Oct 2001, Dag-Erling Smorgrav wrote: > Garrett Wollman writes: > > < said: > > > > "Unprivileged processes may see subjects/objects with different real uid" > > > Would people mind a lot if this variable defaulted to 0? > > Hell yes. > > That's not a constructive response. > > To me, the ability of unprivileged users to obtain information about > other users' processes and sockets is a) Normal to most (all?) unixes. You're going to confuse a lot of people if you disable it by default. Don't get me wrong, being able to hide the information is a great feature, and should be used on shell servers and the like. However, it's not a good default. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message