:>    Matthew>     Why don't we get rid of the 'e' option to ps while we
:>    Matthew> are at it considering how much of a security hole it is.
:>
:>I wouldn't nuke it completely. Make -e a noop unless the real uid ps
:>is running with matches the effective uid of the process being reported.
:>And if ps is invoked with a real uid of 0, -e works as it does now.
:
:I'd favor something like this.  The unixes I am most used to did not
:have '-e' as an option, and I had two immediate reactions when I found
:FreeBSD's did:
:    1) wow, this is great for debugging a problem I'm having
:    2) yikes, what a security exposure!  (I have some scripts
:       where a password is passed from one script to another
:       one via an environment variable...)

    Yes, or by 'root'.  Personally, I would like to see the option removed
    entirely.  I don't think a half-measure would improve the security
    problem much.

:So, I'd like to have it for debugging my own processes, but
:...
:Garance Alistair Drosehn           =   [EMAIL PROTECTED]

    gdb.

    I shudder to think that people might actually start depending on this
    non-feature.  Better for it to just go away.

                                                -Matt


                                        -Matt
                                        Matthew Dillon 
                                        <[EMAIL PROTECTED]>



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
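
The rule proposed in the quoted text above (-e is a no-op unless the real uid ps runs with matches the effective uid of the reported process, or the real uid is 0), written out as an added C example; it is not FreeBSD's ps code and was not posted in this thread. The process table, struct and function names are constructed for illustration, and the third entry shows how a setuid program started by the user falls outside the rule because the comparison is against the effective uid.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>

/* Constructed sample process table; none of these values come from the thread. */
struct proc_entry {
    pid_t       pid;
    uid_t       ruid;  /* real uid of the process */
    uid_t       euid;  /* effective uid of the process */
    const char *comm;
    const char *env;   /* what "ps -e" would append to the command */
};

static const struct proc_entry sample_procs[] = {
    { 101, 1001, 1001, "sh",          "DB_PASS=example-only" },
    { 102, 1002, 1002, "sh",          "API_KEY=example-only" },
    { 103, 1001,    0, "setuid-tool", "HOME=/home/user1001"  }, /* started by 1001, runs as root */
    { 104,    0,    0, "daemon",      "SECRET=example-only"  },
};
#define NPROCS (sizeof(sample_procs) / sizeof(sample_procs[0]))

/* Proposed rule: a real uid of 0 sees everything; otherwise the real uid
 * of ps must equal the effective uid of the process being reported. */
static int env_visible(uid_t viewer_ruid, const struct proc_entry *p)
{
    if (viewer_ruid == 0)
        return 1;
    return viewer_ruid == p->euid;
}

/* Number of sample processes whose environment this viewer would be shown. */
static size_t count_visible(uid_t viewer_ruid)
{
    size_t i, n = 0;
    for (i = 0; i < NPROCS; i++)
        n += (size_t)env_visible(viewer_ruid, &sample_procs[i]);
    return n;
}

int main(void)
{
    uid_t viewer = 1001;  /* hypothetical unprivileged user running ps -e */
    size_t i;
    for (i = 0; i < NPROCS; i++)
        printf("%ld %-12s %s\n", (long)sample_procs[i].pid, sample_procs[i].comm,
               env_visible(viewer, &sample_procs[i]) ? sample_procs[i].env : "");
    printf("visible to uid 0: %zu of %zu\n", count_visible(0), (size_t)NPROCS);
    return 0;
}
```
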
