Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1t1C76-00F7eB-CK
	for pgsql-general@arkaria.postgresql.org; Wed, 16 Oct 2024 22:03:28 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1t1C74-00BDL9-Jk
	for pgsql-general@arkaria.postgresql.org; Wed, 16 Oct 2024 22:03:26 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1t1C74-00BDL0-8E
	for pgsql-general@lists.postgresql.org; Wed, 16 Oct 2024 22:03:26 +0000
Received: from sss.pgh.pa.us ([68.162.161.243])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1t1C72-001Qb9-Ce
	for pgsql-general@lists.postgresql.org; Wed, 16 Oct 2024 22:03:26 +0000
Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1])
	by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 49GM3F8m483068;
	Wed, 16 Oct 2024 18:03:15 -0400
From: Tom Lane <tgl@sss.pgh.pa.us>
To: "Peter J. Holzer" <hjp-pgsql@hjp.at>
cc: pgsql-general@lists.postgresql.org
Subject: Re: What are best practices wrt passwords?
In-reply-to: <20241016212715.b5ioj7pwfeoqzkzm@hjp.at>
References: <87o73kgzkd.fsf@mbork.pl> <CAFCRh-8dM4bLGTKcv1v5wC9guhY_b5G=6w-ivHM4UJGwMUyWaA@mail.gmail.com> <87frowggzq.fsf@mbork.pl> <Zw_qvUHTC98XcGa6@momjian.us> <186766.1729097245@sss.pgh.pa.us> <B3A1837B-FA96-42A4-A6D4-949E93EB267C@thebuild.com> <20241016212715.b5ioj7pwfeoqzkzm@hjp.at>
Comments: In-reply-to "Peter J. Holzer" <hjp-pgsql@hjp.at>
	message dated "Wed, 16 Oct 2024 23:27:15 +0200"
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <483066.1729116195.1@sss.pgh.pa.us>
Date: Wed, 16 Oct 2024 18:03:15 -0400
Message-ID: <483067.1729116195@sss.pgh.pa.us>
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/483067.1729116195%40sss.pgh.pa.us>
Precedence: bulk

"Peter J. Holzer" <hjp-pgsql@hjp.at> writes:
> On Linux, unprivileged users can only see the environment of their own
> processes since a *very* long time ago. Possibly even before Ubuntu even
> existed. So I'm somewhat sceptical about that. Some other Unixes were
> more permissive. I don't know what camp MacOS falls into.

I poked at that on current macOS (Sequoia).  The rule for unprivileged
users seems to be the same as on Linux: you can see the environment
variables of processes belonging to you.  What is really interesting
is that "sudo ps auxwwe" and "ps auxwwe" have the same results: you
can still see only your own processes' environment variables.  The
sole exception when I tried it was that under sudo the root-owned "ps"
command showed its own environment variables, which is pretty bizarre.
Looks like the test is not actually on the reported process ownership
but some inherited property.

To confuse matters even more, another machine that's running Sequoia
but with SIP turned off acts more like Linux: "sudo ps auxwwe" shows
environment variables for everything.  So Apple's marching to their
own drummer as usual, but it doesn't look like there's any case where
they are more permissive than the Linux rule.  I'm still not convinced
about whether all *BSD flavors match that, though.

			regards, tom lane