Subject: Re: ps -e
To: Dave Sainty <dave@dtsp.co.nz>
From: Simon Burge <simonb@netbsd.org>
List: tech-security
Date: 12/06/1999 00:15:49
Message-Id: <199912051315.AAA26358@balrog.supp.cpr.itg.telecom.com.au>
Cc: tech-security@netbsd.org
In-Reply-To: Your message of "Sat, 04 Dec 1999 11:39:10 +1300 "
	<199912032242.RAA14366@falku.pair.com> 
Date: Mon, 06 Dec 1999 00:15:49 +1100

Dave Sainty wrote:

> << Also sent to current-users + Simon >>
> 
> Simon Burge writes:
> 
> > Module Name:	basesrc
> > Committed By:	simonb
> > Date:		Fri Dec  3 02:16:42 UTC 1999
> > 
> > Modified Files:
> > 	basesrc/bin/ps: extern.h print.c ps.1 ps.c
> > 
> > Log Message:
> > "ps -e" only shows the environment for the processes owned by the
> > current user id or all processes if run by root.
> > 
> > Fixes PR security/5967 from Todd Vierling.
> 
> Sometimes -e on other users' processes is useful in the same way that
> using ps to see other users' processes is (command line arguments etc).
> 
> This seems rather a half-hearted change (why not make other people's
> command lines/processes unviewable too?), and given that the
> environment has historically been viewable, no-one should consider it
> secure anyway.
> 
> It seems to me to be hard to justify breaking this feature...

There was a discussion on tech-security about this a while ago and
it seemed that the intent of that PR was ok.  However that discussion
turned into a "grand scheme of things" thing - I'm going to submit a
change-request PR that covers some of the things you mention and more.
Look for a thread called "confidential PRs that should be resolved
before 1.4 ships" around the end of April this year.

Simon.