Bugtraq mailing list archives
Re: ps(1) for freebsd.
From: scotts () cybersource com (Scott Smith)
Date: Thu, 13 Aug 1998 18:35:50 -0700
Paranoia is not synonymous with security, nor is it synonymous with "privacy." Hacking ps to fix a security problem in ppp is not the solution: fixing ppp is. ps(1)'s -a and -e flags were implemented for a reason; to remove them is de-evolutionary.
Agreed, but one could associate the ability as an unprivledged user to read *other* users' environment variables with the finger(1) bug that allowed users to read arbitraty files (or the sendmail uuencode bug, or ...). The only difference is that the target is not a file, it is an environment variable. There is a reason I make my shell's rc files mode 0700 and have a umask of 077, and paranoia/security laziness are *not* why. :) Scott -- scott () cybersource com UNIX Sysadmin, CyberSource (ext. 6093) "My manager, after having poked his head into my area for the 10th time today, said, `I just can never understand how sysadmins can work effectively with people breathing down their necks.'" - a friend
Current thread:
- ps(1) for freebsd. Ben (Aug 12)
- Re: ps(1) for freebsd. JDC (Aug 13)
- Re: ps(1) for freebsd. Scott Smith (Aug 13)
- URL exploit to crash Opera Browser Zac Leow C.H (Aug 13)
- Re: ps(1) for freebsd. JDC (Aug 13)