From: Garance A Drosihn
To: Pawel Jakub Dawidek, freebsd-arch@freebsd.org
cc: cperciva@freebsd.org
Date: Sun, 5 Dec 2004 22:56:47 -0500
Subject: Re: ps -e without procfs(5).
In-Reply-To: <20041130231236.GD56431@darkness.comp.waw.pl>

At 12:12 AM +0100 12/1/04, Pawel Jakub Dawidek wrote:
>Hello.
>
>I need some testing for this patch:
>
> http://people.freebsd.org/~pjd/patches/ps-e.patch
>
>It allows using 'ps -e' without procfs(5) mounted.
>
>I decided to disable this functionality by default, because procfs(5)
>is also disabled by default and some people may already depend on the
>fact that the environment is a secret by default.
>To see the effects, you need to increase sysctl kern.ps_env_cache_limit
>to, for example, 1024.
I think it is true that procfs was mounted by default in 4.x, so I am not sure we need to start the system with kern.ps_env_cache_limit set to 0.

Note that there are (or were?) other protections in `ps' such that non-root users can only see the environment variables for their own processes. They can't see them for processes owned by other users. And in 5.x, if procfs *is* mounted, then users can't even see the environment variables of their own processes if sysctl security.bsd.unprivileged_proc_debug is set to 0 (it defaults to 1).

I also notice that, due to the way your new ability is implemented, nobody can see the environment variables for any process which was started up before kern.ps_env_cache_limit is set. I tried to set it in /boot/loader.conf.local, but that didn't seem to work. (That may have been due to an error on my part, though.)

Hmm. And actually, your new version does seem to allow users to see the environment variables of processes they do not own, once the new sysctl is turned on. That would not be a good change to make.

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu
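An added check script, not part of the thread or the patch, that an administrator can run as an unprivileged user to verify the property Garance describes: that `ps -e` shows environment strings only for the caller's own processes. It assumes FreeBSD ps(1) appends the environment to the command column under `-e`, and that `ps -axo user,pid,command -e` yields "user pid command..." lines; the sample output embedded below is constructed.

```sh
#!/bin/sh
# count_foreign_env USER PS_OUTPUT
#   PS_OUTPUT holds lines as produced by `ps -axo user,pid,command -e`
#   (assumed column order: user, pid, command plus environment).
#   Prints how many processes NOT owned by USER carry an environment
#   assignment (a token shaped like NAME=value) in their command column.
#   A non-zero count means another user's environment is readable.
#   Caveat: a plain argument such as "foo=bar" would count as a false positive.
count_foreign_env() {
  me=$1
  printf '%s\n' "$2" | awk -v me="$me" '
    NR == 1 && $1 == "USER" { next }                 # skip header line
    $1 != me {
      for (i = 3; i <= NF; i++)
        if ($i ~ /^[A-Za-z_][A-Za-z0-9_]*=/) { n++; break }
    }
    END { print n + 0 }'
}

# audit_live: run the real check on this host (meaningful on FreeBSD only).
# Returns 2 if ps(1) does not accept the flags, otherwise prints the count.
audit_live() {
  out=$(ps -axo user,pid,command -e 2>/dev/null) || return 2
  count_foreign_env "$(id -un)" "$out"
}

# Constructed sample output, used for demonstration and testing.
SAMPLE='USER PID COMMAND
root 1 /sbin/init
alice 500 /usr/local/bin/daemon PATH=/usr/bin HOME=/home/alice
bob 601 sh -c sleep 10 SECRET=hunter2
bob 602 sleep 10'
```

Run `audit_live` as a non-root user before and after raising kern.ps_env_cache_limit; any count above zero is the exposure Garance reports.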