ps -e without procfs(5).

Garance A Drosihn drosih at rpi.edu
Sun Dec 5 19:56:51 PST 2004


At 12:12 AM +0100 12/1/04, Pawel Jakub Dawidek wrote:
>Hello.
>
>I need some testing for this patch:
>
>	http://people.freebsd.org/~pjd/patches/ps-e.patch
>
>It allows the use of 'ps -e' without procfs(5) mounted.
>
>I decided to disable this functionality by default, because procfs(5)
>is also disabled by default and some people may already depend on the
>fact that the environment is a secret by default.
>To see the effects, you need to increase sysctl kern.ps_env_cache_limit
>to, for example, 1024.

I think it is true that procfs was mounted by default in 4.x, so I
am not sure we need to start the system with kern.ps_env_cache_limit
set to 0.  Note that there are (or were?) other protections in `ps'
such that non-root users can only see the environment variables for
their own processes.  They can't see them for processes owned by
other users.  And in 5.x, if procfs *is* mounted then users can't
even see environment variables of their own processes if sysctl
security.bsd.unprivileged_proc_debug is set to 0 (it defaults to 1).

I also notice that due to the way your new ability is implemented,
nobody can see the environment variables for any process which was
started up before the kern.ps_env_cache_limit is set.  I tried to
set it in /boot/loader.conf.local, but that didn't seem to work.
(That may have been due to an error on my part, though.)

Hmm.  And actually, your new version does seem to allow users to see
the environment variables of processes they do not own, once the new
sysctl is turned on.  That would not be a good change to make.

-- 
Garance Alistair Drosehn            =   gad at gilead.netel.rpi.edu
Senior Systems Programmer           or  gad at freebsd.org
Rensselaer Polytechnic Institute    or  drosih at rpi.edu


More information about the freebsd-arch mailing list