Date: Mon, 11 Aug 1997 11:26:38 -0700 From: Sean Eric Fagan <sef@Kithrup.COM> To: security@freebsd.org Subject: Re: procfs hole Message-ID: <199708111826.LAA20143@kithrup.com> In-Reply-To: <Pine.BSF.3.96.970811172705.4290A-100000.kithrup.freebsd.security@super-g.inch.com> References: <Pine.BSI.3.95.970810143501.19099B-100000@shell.firehouse.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <Pine.BSF.3.96.970811172705.4290A-100000.kithrup.freebsd.security@super-g.inch.com> you write: >On Sun, 10 Aug 1997, Brian Mitchell wrote: >> any setuid program. As noted, the easiest way to avoid the problem is just >> to disable procfs -- nobody really uses it anyways. >Would anyone be willing to give a short explanation of the /proc >filesystem and what the original conception of it accomplished? procfs privodes a filesystem interface to the system processes. (I would say "process table," but it isn't a table in freebsd ;).) It is laid out as: /proc curproc/ <pids>/ ctl etype file fpregs map mem note notepg regs status You can send signals by writing to ctl; you can find out what kind of executable it is by reading etype (e.g., "FreeBSD a.out"); regs and fpregs have the register set; map has the process' memory map, in ascii format; status has something similar to ps when you read it. mem is the process' memory space, and file is the vnode that the process is executing. Brian is wrong -- ps uses procfs, and I have two applications that use an extended procfs. Ideally, you could use procfs for a debugger. This has certain advantages over ptrace() -- ptrace is an *old* API, and lacking in certain ways. (Want to read more than one word at a time? Oops.) procfs first appeared in version 8, I think. It's standard in SysVr4. The FS code for procfs in BSD were written by Jan-Simon Pendry, and the memory guts were written by myself. It has languished for a while, due to my having to do other things, and being somewhat dispirited. I started changing that a couple of weeks ago.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708111826.LAA20143>