From owner-freebsd-current Fri Sep 18 20:19:30 1998
Date: Fri, 18 Sep 1998 23:18:43 -0400 (EDT)
From: Robert Watson
To: Danny Dulai
cc: "David E. Cross", Dag-Erling Coïdan Smørgrav, Andrzej Bialecki, Doug White, freebsd-current@FreeBSD.ORG
Subject: Re: Limit 'ps' to show only user's processes
In-Reply-To: <19980918133626.13813@bleep.ishiboo.com>

I don't think there is any way to hide the existence of other processes --
a process that performs:

	int i, lasti;
	while (1) {
		i = fork();
		if (!i) {
			exit(0);
		}
		if (i != lasti + 1) {
			....

I think the real goal here is to limit the availability of the command
line arguments and environmental variables, and possibly (probably) also
the executable in use. That should not be too hard if all utilities that
munge this data out of kmem are finally moved to using /proc...

On Fri, 18 Sep 1998, Danny Dulai wrote:

> Quoting David E. Cross (crossd@cs.rpi.edu):
> > On 18 Sep 1998, Dag-Erling Coïdan Smørgrav wrote:
> >
> > > > Make it impossible. The point is to hide this information from
> > > > non-privileged users, and changing 'ps' only doesn't help much (I can
> > > > always recompile my own version).
> > >
> > > No you can't. ps(1) is setgid kmem.
> >
> > ls -la /proc
>
> Also, you'd need to fix kill(2) and any other syscall that takes a
> pid as an arg to return some incorrect error.
>
> I could always write a program that needed no special privs:
>
> for (i=1; i
>     if (kill(i, 0) >= 0 || errno != ESRCH)
>         printf("pid %d exists");
>
> Now, this isn't giving you much information, but it is leaking the existence
> of other pids, that aren't owned by you.
>
> --
> ___________________________________________________________________________
> Danny Dulai                                           Feet. Pumice. Lotion.
> http://www.ishiboo.com/~nirva/                            nirva@ishiboo.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
>

  Robert N Watson

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/
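
Added example, not part of the original message: a small C self-audit for the kill(2) behaviour discussed in this thread. It classifies what kill(pid, 0) reveals, so that an administrator running it as an unprivileged user can check whether the kernel still discloses the existence of other users' pids. The function and enum names and the 99999 bound are assumptions of this example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* What kill(pid, 0) tells the caller; the names are this example's own. */
enum pid_state {
    PID_ABSENT,     /* ESRCH: no such process, or the kernel hides it */
    PID_SIGNALABLE, /* 0: exists and the caller may signal it */
    PID_FOREIGN,    /* EPERM: exists but belongs to someone else (leak) */
    PID_ERROR       /* any other errno */
};

/* Signal 0 delivers nothing; only the existence/permission checks run. */
enum pid_state probe_pid(pid_t pid)
{
    if (kill(pid, 0) == 0)
        return PID_SIGNALABLE;
    if (errno == ESRCH)
        return PID_ABSENT;
    return errno == EPERM ? PID_FOREIGN : PID_ERROR;
}

/* Fork a child that exits at once, reap it, return its now-unused pid. */
pid_t reaped_child(void)
{
    pid_t pid = fork();
    if (pid == 0)
        _exit(0);
    if (pid > 0)
        waitpid(pid, NULL, 0);
    return pid;
}

/* Count pids in [1, max_pid] whose existence leaks through EPERM. */
int count_foreign(pid_t max_pid)
{
    int n = 0;
    for (pid_t pid = 1; pid <= max_pid; pid++)
        n += probe_pid(pid) == PID_FOREIGN;
    return n;
}

int main(void)
{
    printf("reaped: %d, foreign: %d\n", probe_pid(reaped_child()),
           count_foreign(99999)); /* 99999: arbitrary bound, an assumption */
    return 0;
}
```

A non-zero "foreign" count for an unprivileged user means the EPERM/ESRCH distinction is still observable; a kernel that hides other users' processes has to answer ESRCH for them in kill(2) as well as filtering ps output.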