Flawed Thinking
We’ve recently been struggling with issues caused by an OS patch, which is not that unusual.
To understand the problem you need a bit of history. Back in the early 1990s Sun switched from BSD-based SunOS to System V-based Solaris (we’ll skip the marketing move of rebranding SunOS 4.1 as Solaris 1).
With such a major change in the OS architecture many commands changed. One of the affected commands was “ps”. The older BSD ps and the newer System V ps have a completely different command line syntax – to avoid huge migration problems Sun had been wise enough to keep both, with the older BSD ps being available as part of a BSD compatibility package (/usr/ucb/ps), which still exists to this day.
One thing that makes the Sun System V ps a pain to use is that for some reason Sun decided that the command information it prints would be limited to the first 79 characters of the command line.
Sun claim that this is to “prevent leaking private process data” (say a password option on the command line: bad practice I know but actually fairly common) but this is flawed thinking.
There is nothing to prevent a user running a command where the “private data” is in the first 79 characters of the command line – all the limit does is prevent troubleshooting and makes a System Administrator’s life hell (now you know why they are generally grumpy!). I think the fact that /usr/ucb/ps is still installed on just about every Solaris machine I’ve ever seen means it wasn’t a good decision.
However, Sun still think the limit is a good idea. With the release of Solaris 10, /usr/ucb/ps was limited to 79 characters unless you run it as root or your user account is granted additional privileges, which is typically tricky to do in a global and complex organization. This seems crazy to me because the change doesn’t avoid the problem it is supposed to address!
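An added example (not part of the original post) of the argument above: it applies a 79-character cut to constructed process listings and reports which credential-style arguments stay visible and which lines simply lose troubleshooting detail. The sample lines, the function names and the `pass(word|wd)?=` pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed data and hypothetical names throughout.
LIMIT=79   # truncation length as stated in the post

# Constructed "PID ARGS" lines; these are not real process data.
sample_ps() {
cat <<'EOF'
101 /opt/app/bin/loader --password=Example123 --host db01 --batch nightly
102 /usr/java/bin/java -Xmx512m -Dconfig=/opt/app/etc/very/long/path/to/config/file.properties -Dapp.password=Example456 com.example.Main
103 /usr/java/bin/java -Xmx512m -Dconfig=/opt/app/etc/very/long/path/to/config/file.properties com.example.Main --mode batch
EOF
}

# Reads "PID ARGS" lines on stdin and prints "PID <secret> <cut>" where
#   <secret> is exposed (still visible after the cut), masked (present but
#            beyond the cut) or none (no credential-style option at all)
#   <cut>    is truncated or complete
audit() {
  awk -v limit="$LIMIT" '
  {
    pid = $1
    args = $0
    sub(/^[^ ]+ +/, "", args)        # drop the PID column
    shown = substr(args, 1, limit)   # what a truncating ps would print
    pat = "pass(word|wd)?="          # assumed pattern for credential options
    # A secret cut off part-way still counts as exposed: the option name
    # and the start of its value remain on screen.
    if (tolower(shown) ~ pat)        secret = "exposed"
    else if (tolower(args) ~ pat)    secret = "masked"
    else                             secret = "none"
    cut = (length(args) > limit) ? "truncated" : "complete"
    print pid, secret, cut
  }'
}

sample_ps | audit
```

Process 101 keeps its password on display because the whole command fits inside the limit, 102 is hidden only by the accident of a long path in front of it, and 103 carries no secret yet loses the arguments an administrator would need.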
Now, the situation has become worse. Sun has released patches for its older OS versions to address a security vulnerability with environment variables in /usr/ucb/ps but a side effect of this patch is the 79 character limit introduced in Solaris 10! Anyone want to bet that the patch is really a back ported version of the Solaris 10 /usr/ucb/ps?
Anyway, after much chasing, Sun have admitted that this is a bug (Bug ID: 6428619) – hurrah! Maybe we can get them to admit that the 79 character limit is a bug too? Somehow I doubt that …
The thing that really makes me wonder about this whole truncating issue is that NO other UNIX platform has the same restriction. Why do Sun think this is a good idea? I’m all for secure systems but this is “security by obscurity” and not prevention of the issue.
