|
|
BugTraq
ps information leak in FreeBSD Jan 05 2003 08:46PM Cache (cache sowatech com pl) (2 replies) Re: ps information leak in FreeBSD Jan 07 2003 09:18AM Jez Hancock (jez hancock munk nu) (2 replies) Re: ps information leak in FreeBSD Jan 07 2003 05:48PM Crist J. Clark (crist clark attbi com) (1 replies) |
|
Privacy Statement |
...
> It's annoying in that I see a lot of users running mysql with the -u and -p options:
>
> mysql -u user -p mypassword
>
> on the commandline, thinking that this info will not show up in ps listings when ps
> is run by other users. Ho hum...
As has already been pointed out, this is something that the application
should deal with. Despite this, FreeBSD also has a sysctl knob which will
protect against this.
(2) root:~$ sysctl kern.ps_argsopen=0
kern.ps_argsopen: 1 -> 0
This will prevent exactly the problem you describe, by making arguments not
viewable to other users (excluding root). IT also appears to take effect in
/proc, such as /proc/<pid>/cmdline.
This is present in FreeBSD 4.7-STABLE, at least.
--
Sean Kelly | PGP KeyID: D2E5E296
smkelly (at) zombie (dot) org [email concealed] | http://www.zombie.org
[ reply ]