> > And, also, we need to get rid of the 'e' option to ps entirely. It's a
> > major security hole.
>
> I agree that we need to get rid of 'e' and any other options that allow
> reading another process's environment.
How about protecting the -e option by a test for setuid() == 0 instead
of removing it entirely. That would remove the security concern, but
still retain the function for root. Removing the function for root is
useless from a security point of view, as anybody with root access
can simply compile an alternative version of ps(1) with -e back in it.
Cheers.
--
+------------------------------------------------------------+
. | John Saunders - mailto:[EMAIL PROTECTED]
(EMail) |
,--_|\ | - http://www.nlc.net.au/
(WWW) |
/ Oz \ | - 02-9489-4932 or 04-1822-3814
(Phone) |
\_,--\_/ | NORTHLINK COMMUNICATIONS P/L - Supplying a
professional, |
v | and above all friendly, internet connection
service. |
+------------------------------------------------------------+
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message