On Apr 3, 2006, at 3:41 PM, Daniel Eischen wrote:
... and you *still* haven't shown *why* kill() reporting a PID is in use,
even if it's not in the current jail, is such a security threat ...
For reducing attacks I suppose. But conceptually, something running
in a jail shouldn't be allowed to see out.
I don't think it gives you much information given that PIDs come and
go and there's no atomicity in checking if it exists, and then
finding what it is. Even on the same jail the PID could go away
after you check for it before you try to pry into what it is or do
something else.
I think it is an overly paranoid attempt at hiding information that
is otherwise useful. At worst there should be a sysctl to enable it.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
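The check-then-use gap discussed in the message above, as an added example that is not part of the original thread: it probes a PID with signal 0 using the standard POSIX `kill()` errno values, then shows the same PID answering differently a moment later. The names `probe_pid` and `pid_vanishes_between_checks` are made up for this example, and it does not model jail-specific behaviour.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum pid_state { PID_SIGNALABLE, PID_EXISTS_DENIED, PID_ABSENT, PID_ERROR };

/* Signal 0 delivers nothing; kill() only runs its existence and
 * permission checks, so errno tells the caller what it learned. */
enum pid_state probe_pid(pid_t pid)
{
    if (kill(pid, 0) == 0)
        return PID_SIGNALABLE;
    if (errno == EPERM)
        return PID_EXISTS_DENIED;   /* PID is in use, caller may not signal it */
    if (errno == ESRCH)
        return PID_ABSENT;          /* no such process visible to the caller */
    return PID_ERROR;
}

/* Returns 1 when a PID that probed as present is gone by the next probe,
 * i.e. the answer from the first check was already stale. -1 on fork failure. */
int pid_vanishes_between_checks(void)
{
    pid_t child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {               /* child: wait until killed */
        pause();
        _exit(0);
    }
    enum pid_state before = probe_pid(child);
    kill(child, SIGKILL);           /* stands in for the process exiting on its own */
    waitpid(child, NULL, 0);        /* reap it so the PID is really released */
    enum pid_state after = probe_pid(child);
    return before == PID_SIGNALABLE && after == PID_ABSENT;
}

int main(void)
{
    printf("self: %d\n", probe_pid(getpid()));
    printf("stale answer observed: %d\n", pid_vanishes_between_checks());
    return 0;
}
```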