Bugtraq mailing list archives

Re: ps(1) for freebsd.


From: yoshi () PARODIUS COM (JDC)
Date: Thu, 13 Aug 1998 15:48:42 -0700


On XX 08/12/1998 03:00:21PM, spy () TYR OFFICE EFN ORG wrote:
The ps(1) command for FreeBSD can be used to show environment variables for
user processes running as you, or other users.  While not a bug itself, this
will allow you to view certain things, i.e. is root logged on?, FTP_SERVER,
FTP_PASSWORD, or if the machine is a dialup box, and ppp is dialing at the
time you execute ps(1) you will be able to view the password and login for
their account.  For privacy reasons I made patches that only allow ps(1) to
show the processes for the user running it, making the '-a' flag go away,
unless your uid or gid is 0.

        Paranoia is not synonymous with security, nor is it synonymous
        with "privacy."

        Hacking ps to fix a security problem in ppp is not the solution:
        fixing ppp is. ps(1)'s -a and -e flags were implemented for a
        reason; to remove them is de-evolutionary.

        tata.

--
| Jeremy Chadwick                                 System Administrator |
| yoshi () parodius com                                      ICQ #6279222 |
|           "Where is fancy bread? In the heart, or in the head?" - WW |
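
An added example, not part of the original posts: a check an administrator can run on their own host to see which processes carry credential-like variables where ps(1) can display them, so the program that put them there can be fixed. The column layout (as from `ps -axeww -o user,pid,command`, environment printed before the command), the name patterns, and the sample lines are assumptions constructed for illustration.

```python
import re

# Names that suggest a credential; this pattern list is an assumption to tune.
SENSITIVE = re.compile(r"(PASS|SECRET|TOKEN|CRED|KEY)", re.IGNORECASE)
ASSIGNMENT = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=")

# Constructed sample in the assumed layout: USER, PID, then environment + command.
SAMPLE_PS_OUTPUT = """\
USER   PID COMMAND
root   214 PATH=/sbin:/bin HOME=/root FTP_SERVER=ftp.example.org FTP_PASSWORD=constructed-secret ftp -n
alice  377 HOME=/home/alice TERM=vt100 -tcsh (tcsh)
bob    402 HOME=/home/bob API_TOKEN=constructed-token PAGER=less /usr/local/bin/sync-job --quiet
"""


def find_exposed_secrets(ps_output):
    """Return one finding per process that shows a credential-like NAME=value.

    Only variable names are reported; values are never copied into the result.
    Every token is scanned, so a value containing spaces does not hide the
    assignments that follow it, and NAME=value command arguments are caught too.
    """
    findings = []
    for line in ps_output.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 3 or not fields[1].isdigit():
            continue  # header line or a row that is not USER PID REST
        user, pid, rest = fields
        command = None
        names = []
        for token in rest.split():
            match = ASSIGNMENT.match(token)
            if match:
                if SENSITIVE.search(match.group(1)):
                    names.append(match.group(1))
            elif command is None:
                command = token  # first non-assignment token is the program
        if names:
            findings.append(
                {"user": user, "pid": int(pid), "command": command, "variables": names}
            )
    return findings


if __name__ == "__main__":
    for finding in find_exposed_secrets(SAMPLE_PS_OUTPUT):
        print(finding)
```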


