Subject: Re: confidential PRs that should be resolved before 1.4 ships
To: None <tech-security@NetBSD.ORG>
From: Greg A. Woods <>
List: tech-security
Date: 04/28/1999 14:40:51
[ On Wednesday, April 28, 1999 at 11:58:35 (+1000), Darren Reed wrote: ]
> Subject: Re: confidential PRs that should be resolved before 1.4 ships
> I'll mull that one over.  I'm very used to being able to "ps ax" and
> see everything - root or not - and it would be inconviencing to have
> to be root but at the same time I can see it's place.  Going further,
> should it even be able to list processes for other users or is not
> providing that information just being silly given what /proc provides
> anyway ?

Me too!  Besides, the merest thought of trying to prevent this by
hacking ps or /proc or whatever smells very badly of "security by

Privacy is, of course, another matter, but I think if there are a bunch
of people sharing a multi-user computer system then it's only fair to
allow them to find out at least something about what each other is
doing, if only so they can go knock heads together when someone does
something stupid that impacts the entire user community.  Personally I
do side much closer to RMS with respect to privacy issues in a computing
environment, but of course that's just for the default case.  I think
that if there are real privacy concerns then the users who need to be
hidden from each other must be locked into some form of application-
specific environment anyway -- there are far too many channels for
information leakage if they're given general access to the shell, even
if "/proc", "ps", "top", et al are removed completely from the system.

In effect I think what's being discussed would be like putting up a big
screen along the sidewalk so that you could only look at someone's yard
and house if you were given permission to come through to the other side
of the screen -- and you'd even have to put silencers on their garden
tools so that nobody outside could even tell if they're mowing their
lawns or what have you!  I.e. this whole discussion is totally silly! ;-)

> However, is sysctl the correct way to control this behaviour ?  Why should
> application controls be stored in the kernel ?  That is if we wanted it to
> be changable from run-time rather than compile-time...
> Why not a file in /etc or even a directory with files controlling this
> and other features ? Similar to Solaris' /etc/default/*...

Definitely *NOT* a kernel variable -- something under /etc is more than

							Greg A. Woods

+1 416 218-0098      VE3TCP      <>      <robohack!woods>
Planix, Inc. <>; Secrets of the Weird <>