From owner-freebsd-current  Sun Apr 28 14:11:35 2002
Delivered-To: freebsd-current@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2A9AB37B400; Sun, 28 Apr 2002 14:11:28 -0700 (PDT)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3SLBFw09631;
	Sun, 28 Apr 2002 17:11:15 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Sun, 28 Apr 2002 17:11:14 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: "Crist J. Clark" <cjc@FreeBSD.org>
Cc: Richard Arends <richard@unixguru.nl>,
	Kris Kennaway <kris@obsecurity.org>, current@FreeBSD.org
Subject: Re: truss
In-Reply-To: <20020428134506.J37618@blossom.cjclark.org>
Message-ID: <Pine.NEB.3.96L.1020428170909.64976O-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG


On Sun, 28 Apr 2002, Crist J. Clark wrote:

> On Sun, Apr 28, 2002 at 03:59:44PM -0400, Robert Watson wrote:
> [snip]
> 
> > In FreeBSD 5.0, all this information is exported from the kernel using the
> > sysctl() interface, which provides much more information gating, and
> > flexibe policy controls.  This exists in part in 4.x, but not completely. 
> > In 5.0, ps requires no special privilege, and access control is done
> > entirely in the kernel.
> 
> I think I'm missing something here.
> 
>   $ uname -r
>   4.5-RELEASE
>   $ ls -l /bin/ps
>   -r-xr-xr-x  1 root  wheel  213796 Jan 30 14:30 /bin/ps
> 
> ps(1) has no special privileges in 4.x, but I may not understand what
> you mean by "special privileges?" (To me it means s{u,g}id.)

Hmm.  I'd forgotten that the setgid kmem was removed in 4.x; I was
probably thinking of top, which still is setgid in -STABLE.  You'll find
however, that -e won't work without setgid kmem being turned on.  There
are a number of other tools in -CURRENT that aren't setgid kmem where they
are in -STABLE (top, iostat, etc).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message