From owner-freebsd-bugs Tue Aug 27 2:40:17 2002
Message-Id: <20020827093404.5986F66B04@edgemaster.zombie.org>
Date: Tue, 27 Aug 2002 04:34:04 -0500 (CDT)
From: Sean Kelly
Reply-To: Sean Kelly
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: des@FreeBSD.org, nugget@slacker.com
X-Send-Pr-Version: 3.113
Subject: kern/42065: kern.ps_showallprocs has no effect on /proc

>Number:         42065
>Category:       kern
>Synopsis:       kern.ps_showallprocs has no effect on /proc
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 27 02:40:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Sean Kelly
>Release:        FreeBSD 4.6-STABLE i386
>Organization:
>Environment:
System: FreeBSD edgemaster.zombie.org 4.6-STABLE FreeBSD 4.6-STABLE #3: Tue Aug 27 02:56:03 CDT 2002 root@edgemaster.zombie.org:/usr/obj/usr/src/sys/EDGEMASTER i386

>Description:
When using the 'kern.ps_showallprocs' sysctl, the administrator can hide processes that don't belong to users if they don't own said processes. Unfortunately, /proc doesn't follow this sysctl and continues displaying all processes. This makes the sysctl useless if the /proc filesystem is necessary or desired.

>How-To-Repeat:
	# sysctl kern.ps_showallprocs=0
	$ ps ax
	$ ls /proc

>Fix:
I have written a patch to allow this /proc to take advantage of this sysctl. The patch was also reviewed by jeff@FreeBSD.org. All testing shows that it seems to work fine. The patch merely modifies procfs_lookup() and procfs_readdir() functions.

Reviewed by: jeff

diff -ru sys.orig/kern/kern_proc.c sys/kern/kern_proc.c --- sys.orig/kern/kern_proc.c Tue May 1 08:39:06 2001 +++ sys/kern/kern_proc.c Tue Aug 27 02:30:53 2002 
@@ -55,7 +55,7 @@ static MALLOC_DEFINE(M_PROC, "proc", "Proc structures"); MALLOC_DEFINE(M_SUBPROC, "subproc", "Proc sub-structures"); -static int ps_showallprocs = 1; +int ps_showallprocs = 1; SYSCTL_INT(_kern, OID_AUTO, ps_showallprocs, CTLFLAG_RW, &ps_showallprocs, 0, ""); diff -ru sys.orig/miscfs/procfs/procfs_vnops.c sys/miscfs/procfs/procfs_vnops.c --- sys.orig/miscfs/procfs/procfs_vnops.c Tue Jan 22 11:22:59 2002 +++ sys/miscfs/procfs/procfs_vnops.c Tue Aug 27 04:25:39 2002 @@ -734,6 +734,10 @@ if (p == NULL) break; + if (ps_showallprocs == 0 && ap->a_cnp->cn_cred->cr_uid != 0 && + ap->a_cnp->cn_cred->cr_uid != p->p_cred->pc_ucred->cr_uid) + break; + return (procfs_allocvp(dvp->v_mount, vpp, pid, Pproc)); case Pproc: @@ -744,6 +748,10 @@ if (p == NULL) break; + if (ps_showallprocs == 0 && ap->a_cnp->cn_cred->cr_uid != 0 && + ap->a_cnp->cn_cred->cr_uid != p->p_cred->pc_ucred->cr_uid) + break; + for (pt = proc_targets, i = 0; i < nproc_targets; pt++, i++) { if (cnp->cn_namelen == pt->pt_namlen && bcmp(pt->pt_name, pname, cnp->cn_namelen) == 0 && @@ -899,6 +907,16 @@ if (!p) goto done; } + if (ps_showallprocs == 0 && + ap->a_cred->cr_uid != 0 && + ap->a_cred->cr_uid != + p->p_cred->pc_ucred->cr_uid) { + p = p->p_list.le_next; + if (!p) + goto done; + break; + } + dp->d_fileno = PROCFS_FILENO(p->p_pid, Pproc); dp->d_namlen = sprintf(dp->d_name, "%ld", (long)p->p_pid); diff -ru sys.orig/sys/proc.h sys/sys/proc.h --- sys.orig/sys/proc.h Thu Jan 31 12:40:29 2002 +++ sys/sys/proc.h Tue Aug 27 02:29:45 2002 @@ -415,6 +415,7 @@ extern u_long ps_arg_cache_limit; extern int ps_argsopen; +extern int ps_showallprocs; struct proc *pfind __P((pid_t)); /* Find process by id. */ struct pgrp *pgfind __P((pid_t)); /* Find process group by id. */ >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
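Review bot: In the kern_proc.c hunk (@@ -55,7 +55,7 @@) and the matching `extern int ps_showallprocs;` in proc.h, the variable becomes a kernel-wide global that procfs now depends on, yet the SYSCTL_INT declaration right below it still has an empty description string (`""`). Since the knob now governs /proc as well as the process listing, please fill in the description and add a short comment at the definition naming both consumers, so that a later change to its semantics does not silently leave one of them behind.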
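Review bot: In the two procfs_lookup() hunks of procfs_vnops.c (@@ -734,6 +734,10 @@ and @@ -744,6 +748,10 @@), the same three-clause uid test is pasted twice, and a third copy appears in the readdir hunk with `ap->a_cred` in place of `ap->a_cnp->cn_cred`. A visibility policy that is written out three times will drift; suggest one small static helper in procfs that takes the caller's credential and the target `struct proc *` and returns whether the process may be shown, and call it from all three places. Within the second lookup hunk the unchanged context already uses `cnp->cn_namelen`, so `cnp->cn_cred` would read better than `ap->a_cnp->cn_cred`. The `break` shares the exit taken by the `if (p == NULL) break;` case just above, which makes a hidden pid indistinguishable from a nonexistent one; that is the right behaviour and deserves a one-line comment so nobody later "improves" it into a permission error.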
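Review bot: In the procfs_readdir() hunk (@@ -899,6 +907,16 @@), the added block ends in `break` after stepping `p` forward once, so this pass leaves before `dp->d_fileno` and `dp->d_name` are filled in, and the process it stepped to has not yet been tested against the caller's uid. Unless the code that the `break` exits to skips unfilled entries (not visible in this hunk), each hidden process would be emitted as a nameless directory entry, which pads the listing and lets a caller count the processes it is not supposed to see. Suggest turning the test into a loop, in the style of the block that closes just above with `if (!p) goto done;`, so that `p` keeps advancing until it reaches a process the caller may see and then falls through to the `dp->d_fileno = PROCFS_FILENO(p->p_pid, Pproc);` assignment.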