AFAIK, a command needs root (or process owner, or perhaps some fine-grained
permission?) to obtain environment variables of other processes, so that could
be clamped down on. But /proc makes /proc/*/psinfo publically readable,
so anybody can see anyone's command line arguments.
What if /proc provided two different views of the contents of a psinfo file,
depending on whether the reader was {the same euid as the process owner,
root, or had some fine-grained permission}? The unprivileged reader would
see it as if pr_psargs had the same contents as pr_fname, while the privileged
reader would see it as now, with the greater detail.
This message posted from opensolaris.org
