Date: Sun, 14 Jul 2002 12:14:35 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Luigi Rizzo <luigi@FreeBSD.org>
Cc: Giorgos Keramidas <keramida@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/talk display.c talk.1 talk.c
Message-ID: <Pine.NEB.3.96L.1020714121303.25880B-100000@fledge.watson.org>
In-Reply-To: <20020714082543.B74633@iguana.icir.org>

On Sun, 14 Jul 2002, Luigi Rizzo wrote:

> On Sun, Jul 14, 2002 at 06:12:33PM +0300, Giorgos Keramidas wrote:
> ...
> > Damn. Now I can't use ps/who to find out who's talking to whom!
>
> but you can still see that they are using "talk".
>
> "ps" and friends are full of privacy violation, as they allow
> unprivileged users to peek at what others are doing by liberally
> showing program arguments (though they can be hidden by setproctitle,
> but almost nobody does that) and program names (which cannot even
> be hidden).
>
> I think this part should be seriously revised
> (you in Bcc, are you listening ? :)

FreeBSD 5.0-CURRENT supports 'security.bsd.bsd_see_other_uids' which
limits the flow of inter-user information. Try setting it to 0 sometime.
The trustedbsd_mac version which will get committed in a week or so
actually also supports a series of exemptions, such as exempting based on
having the same primary group, or belonging to a specific group (such as
wheel or operator). We used this setting on election.uk.FreeBSD.org to
prevent less desirable information flow.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message