Subject: Re: Preventative security features?
To: Dmitri Nikulin <setagllib@optusnet.com.au>
From: John Hawkinson <jhawk@MIT.EDU>
List: tech-security
Date: 11/16/2004 17:31:14
Dmitri Nikulin <setagllib@optusnet.com.au> wrote on Tue, 16 Nov 2004
at 21:31:57 +1100 in <4199D71D.4040404@optusnet.com.au>:

[ Oh dear. You have quoted my private email to a public list.
Netiquette dictates that this is not a reasonable thing to do, absent
permission. Please endeavor to ensure that in the future, you do not
do this. ]



> You'll have to explain further. I've never heard of a need to see that 
> someone else is running vi or emacs for doing their work, in terms of a 
> social benefit.

Well, the "social benefit" is but one of the set of 4 items that I
mentioned.  Even if you don't buy that one, the others stand.

Let's say the system feels slow, and I run ps and I see that user
'fred' is running matlab and taking up 80% of the CPU time.  Now I can
walk down the hall and say to Fred, "Hey, you're taking up a lot of
resources on bigmachine; could you possibly renice your process, or
let me know when you'll be done?" That's a social benefit.

> In fact a lot of privacy issues occur because people see what others

Of course there are privacy issues. Again, I don't claim that everyone
wants process table visibility, or that it is always the right
thing. My claim is very narrow: that some people believe it to be a
Good Thing, so you may not reasonably argue that removing it is always
good.

> If responsible system usage involves not loading the system while many 
> others are working, there are other mechanisms for that. Looking at load 
> averages, for instance.

That hardly tells you who is at fault.

> But I doubt any users will need to heavily load a shared system
> anyway - as a courtesy any number-crunching should be done on
> private (or dedicated) machines, and compilations during software
> development are usually minimal load because make avoids
> redundancy.

Like it or not, it happens in real life.

--jhawk


> >It can certainly be argued that it is a Good Thing on a shared shell server
> >that users can see each other's processes. It promotes responsible system
> >usage, the ability of users to investigate problems without invoking
> >administrators, encourages a belief in a shared system that you don't
> >mess up for other people, and may have positive social benefits.
> >
> >It's not a slam dunk, but it can certainly be argued that viewing
> >processes you don't own is a Good Thing.