Subject: Re: confidential PRs that should be resolved before 1.4 ships
To: Simon Burge <simonb@NetBSD.ORG>
From: Darren Reed <>
List: tech-security
Date: 04/28/1999 11:58:35
In some email I received from Simon Burge, sie wrote:
> Darren Reed wrote:
> > > I'm not so keen on having ps no longer list others' processes, but
> > > others' process args is a definite issue.  (it's the same as the
> > > environment, really.)
> > 
> > "ps -aewww" is your friend when you're an uber-hacker keeping track
> > of who's who on the system :)
> > 
> > I thinking removing process args from display is going perhaps too far ?
> As I said in a separate email, "root" should always be able to see
> everything.

I'll mull that one over.  I'm very used to being able to "ps ax" and
see everything - root or not - and it would be inconviencing to have
to be root but at the same time I can see it's place.  Going further,
should it even be able to list processes for other users or is not
providing that information just being silly given what /proc provides
anyway ?

However, is sysctl the correct way to control this behaviour ?  Why should
application controls be stored in the kernel ?  That is if we wanted it to
be changable from run-time rather than compile-time...

Why not a file in /etc or even a directory with files controlling this
and other features ? Similar to Solaris' /etc/default/*...


p.s. I moved this to tech-security...