Bugtraq mailing list archives

Re: Request for discussion.


From: joerg.czeranski () informatik tu-clausthal de (Joerg Czeranski)
Date: Wed, 8 Feb 1995 21:09:42 +0100


sdw () lig net (Stephen D. Williams) wrote:
[someone asked:]
On what OS?  Isn't it the case that ps's on these /proc systems often need
to run setuid root, so that they can ioctl(2) everyone's processes?

Quick check:

Linux: no setuid/root needed.

OSF/1 (DEC alpha): Need setuid/root for anything.

Solaris 2.3: setuid/root needed to see other processes, but a user can see
their own.  An interesting twist that I like, for some instances.

The Dec OSF/1 /bin/ps doesn't work without setuid, but setuid isn't
needed for everything.  The /proc filesystem of Dec OSF/1 V2.0 is, except
for minor different additions by both Sun and Dec, the same as that of
Solaris 2.3; it seems to be some standard (is it included in the SysV R4
spec?).  So what you said for Solaris 2.3 applies to OSF/1, too;
and I like it, too.

For my taste the Linux /proc gives a bit too much information to anybody
without the chance of restricting access to the user's own processes,
short of rewriting the /proc filesystem.

I wouldn't restrict ps on _our_ systems, but I think the kernel should
care more what information is given to which users.  Maybe they could
implement a mount option for this...

joerg

--
Joerg Czeranski                 EMail czeranski () informatik tu-clausthal de
Osteroeder Strasse 55                 czeranski () rz tu-clausthal de
D 38678 Clausthal-Zellerfeld    WWW   http://www.in.tu-clausthal.de/~injc/
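
An added example, not part of the original post: a Python check of how much of other users' process information a Linux /proc exposes to the calling user. It also reads the hidepid= mount option that Linux's procfs gained later (a mount option of the kind the post asks for); the function names are this example's own.

```python
import os

def hidepid_setting(mounts_text):
    """Return the hidepid= value of the /proc mount in /proc/mounts-style text, or None."""
    for line in mounts_text.splitlines():
        fields = line.split()
        # fields: device, mountpoint, fstype, options, dump, pass
        if len(fields) >= 4 and fields[1] == "/proc" and fields[2] == "proc":
            for opt in fields[3].split(","):
                if opt.startswith("hidepid="):
                    return opt.split("=", 1)[1]
            return None  # /proc is mounted without the option
    return None

def foreign_cmdlines(proc_root="/proc", my_uid=None):
    """Map PID -> command line for processes owned by other UIDs that we can read."""
    my_uid = os.getuid() if my_uid is None else my_uid
    exposed = {}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue  # skip non-process entries such as "self" or "meminfo"
        pid_dir = os.path.join(proc_root, name)
        try:
            if os.stat(pid_dir).st_uid == my_uid:
                continue  # our own process: expected to be visible
            with open(os.path.join(pid_dir, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:
            continue  # process exited meanwhile, or access was denied
        # cmdline is NUL-separated; kernel threads have an empty one
        exposed[int(name)] = raw.replace(b"\0", b" ").decode(errors="replace").strip()
    return exposed

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        print("hidepid on /proc:", hidepid_setting(fh.read()))
    for pid, cmd in sorted(foreign_cmdlines().items()):
        print(pid, cmd)
```

Run as an unprivileged user: a non-empty listing means that user can read other users' command lines, which is the exposure the post describes.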


