Date: Wed, 10 Oct 2001 13:52:37 -0600 From: Warner Losh <imp@harmony.village.org> To: Dag-Erling Smorgrav <des@ofug.org> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_proc.c kern_prot.c uipc_socket.c uipc_usrreq.c src/sys/netinet raw_ip.c tcp_subr.c udp_usrreq.c Message-ID: <200110101952.f9AJqb776963@harmony.village.org> In-Reply-To: Your message of "10 Oct 2001 17:53:16 %2B0200." <xzpy9mjfq4z.fsf@flood.ping.uio.no> References: <xzpy9mjfq4z.fsf@flood.ping.uio.no> <200110092140.f99LeVA74145@freefall.freebsd.org> <xzp7ku3h6c8.fsf@flood.ping.uio.no> <200110101522.f9AFM0S63283@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <xzpy9mjfq4z.fsf@flood.ping.uio.no> Dag-Erling Smorgrav writes: : Garrett Wollman <wollman@khavrinen.lcs.mit.edu> writes: : > <<On 10 Oct 2001 17:17:59 +0200, Dag-Erling Smorgrav <des@ofug.org> said: : > > > "Unprivileged processes may see subjects/objects with different real uid" : > > Would people mind a lot if this variable defaulted to 0? : > Hell yes. : : That's not a constructive response. : : To me, the ability of unprivileged users to obtain information about : other users' processes and sockets is : : a) unnecessary : b) a violation of privacy : c) a security risk : : Unless you can provide an argument showing that this is necessary to : the correct operation of a FreeBSD system, I'll simply ignore your : contribution to this discussion. It violates POLA and would piss off a lot of people. It is an fairly major worldview change for a stable branch, but 5.0 could introduce this as the new default. And it isn't a security risk for properly written programs. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200110101952.f9AJqb776963>