At 3:48 PM -0700 11/15/99, Lyndon Nerenberg wrote:
> >>>>> "Matthew" == Matthew Dillon <[EMAIL PROTECTED]> writes:
>
> Matthew> Why don't we get rid of the 'e' option to ps while we
> Matthew> are at it considering how much of a security hole it is.
>
>I wouldn't nuke it completely. Make -e a noop unless the real uid ps
>is running with matches the effective uid of the process being reported.
>And if ps is invoked with a real uid of 0, -e works as it does now.
I'd favor something like this. The unixes I am most used to did not
have '-e' as an option, and I had two immediate reactions when I found
freebsd's did:
1) wow, this is great for debugging a problem I'm having
2) yikes, what a security exposure! (I have some scripts
where a password is passed from one script to another
one via an environment variable...)
So, I'd like to have it for debugging my own processes, but
reduce the security implications of letting everyone else
also do it on my own processes... I realize this doesn't
eliminate the security exposure, but at least it reduces
it some.
---
Garance Alistair Drosehn = [EMAIL PROTECTED]
Senior Systems Programmer or [EMAIL PROTECTED]
Rensselaer Polytechnic Institute
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
