Date: Tue, 27 Aug 2002 04:34:04 -0500 (CDT)
From: Sean Kelly <smkelly@zombie.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: des@FreeBSD.org, nugget@slacker.com
Subject: kern/42065: kern.ps_showallprocs has no effect on /proc
Message-ID: <20020827093404.5986F66B04@edgemaster.zombie.org>
>Number: 42065
>Category: kern
>Synopsis: kern.ps_showallprocs has no effect on /proc
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 27 02:40:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Sean Kelly
>Release: FreeBSD 4.6-STABLE i386
>Organization:
>Environment:
System: FreeBSD edgemaster.zombie.org 4.6-STABLE FreeBSD 4.6-STABLE #3: Tue Aug 27 02:56:03 CDT 2002 root@edgemaster.zombie.org:/usr/obj/usr/src/sys/EDGEMASTER i386
>Description:
When using the 'kern.ps_showallprocs' sysctl, the administrator can
hide processes that don't belong to users if they don't own said
processes. Unfortunately, /proc doesn't follow this sysctl and
continues displaying all processes. This makes the sysctl useless if
the /proc filesystem is necessary or desired.
>How-To-Repeat:
# sysctl kern.ps_showallprocs=0
$ ps ax
$ ls /proc
>Fix:
I have written a patch to allow /proc to take advantage of this
sysctl. The patch was also reviewed by jeff@FreeBSD.org. All testing
shows that it seems to work fine. The patch merely modifies the
procfs_lookup() and procfs_readdir() functions.
Reviewed by: jeff
diff -ru sys.orig/kern/kern_proc.c sys/kern/kern_proc.c
--- sys.orig/kern/kern_proc.c Tue May 1 08:39:06 2001
+++ sys/kern/kern_proc.c Tue Aug 27 02:30:53 2002
@@ -55,7 +55,7 @@
static MALLOC_DEFINE(M_PROC, "proc", "Proc structures");
MALLOC_DEFINE(M_SUBPROC, "subproc", "Proc sub-structures");
-static int ps_showallprocs = 1;
+int ps_showallprocs = 1;
SYSCTL_INT(_kern, OID_AUTO, ps_showallprocs, CTLFLAG_RW,
&ps_showallprocs, 0, "");
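Review bot: The SYSCTL_INT description string in this hunk is still empty (""), while the variable loses `static` so that code outside kern_proc.c can read it. Suggest filling in the description (for example, that 0 restricts process visibility to the caller's own processes) and adding a comment at the definition naming the other consumer, so the next person changing the knob knows it is no longer private to this file.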
diff -ru sys.orig/miscfs/procfs/procfs_vnops.c sys/miscfs/procfs/procfs_vnops.c
--- sys.orig/miscfs/procfs/procfs_vnops.c Tue Jan 22 11:22:59 2002
+++ sys/miscfs/procfs/procfs_vnops.c Tue Aug 27 04:25:39 2002
@@ -734,6 +734,10 @@
if (p == NULL)
break;
+ if (ps_showallprocs == 0 && ap->a_cnp->cn_cred->cr_uid != 0 &&
+ ap->a_cnp->cn_cred->cr_uid != p->p_cred->pc_ucred->cr_uid)
+ break;
+
return (procfs_allocvp(dvp->v_mount, vpp, pid, Pproc));
case Pproc:
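Review bot: The added test compares cr_uid with 0 and with the target's pc_ucred->cr_uid by hand. If the sysctl handler in kern_proc.c decides visibility with a different test, ps and /proc can disagree for some callers, so it would be safer to put the predicate in one function next to ps_showallprocs and call it from both places. Failing through the same `break` as the `p == NULL` case is the right choice, since a hidden pid then looks the same as a nonexistent one.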
@@ -744,6 +748,10 @@
if (p == NULL)
break;
+ if (ps_showallprocs == 0 && ap->a_cnp->cn_cred->cr_uid != 0 &&
+ ap->a_cnp->cn_cred->cr_uid != p->p_cred->pc_ucred->cr_uid)
+ break;
+
for (pt = proc_targets, i = 0; i < nproc_targets; pt++, i++) {
if (cnp->cn_namelen == pt->pt_namlen &&
bcmp(pt->pt_name, pname, cnp->cn_namelen) == 0 &&
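Review bot: This is a verbatim copy of the three-line condition added in the previous hunk, and a third variant appears in the readdir change. `cnp` is already a local here (the loop below uses cnp->cn_namelen), so at minimum write cnp->cn_cred instead of ap->a_cnp->cn_cred; better, factor the condition into a small helper that takes the caller's credential and the proc.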
@@ -899,6 +907,16 @@
if (!p)
goto done;
}
+ if (ps_showallprocs == 0 &&
+ ap->a_cred->cr_uid != 0 &&
+ ap->a_cred->cr_uid !=
+ p->p_cred->pc_ucred->cr_uid) {
+ p = p->p_list.le_next;
+ if (!p)
+ goto done;
+ break;
+ }
+
dp->d_fileno = PROCFS_FILENO(p->p_pid, Pproc);
dp->d_namlen = sprintf(dp->d_name, "%ld",
(long)p->p_pid);
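Review bot: In the added block a hidden process is handled by advancing p once and then `break`, which leaves this iteration without setting dp->d_fileno or dp->d_name. Please check what the code following this `break` does with dp in that case: if the entry is still copied out, the listing gains one empty record per hidden process, which also reveals how many there are. A `while` loop that keeps advancing p until it reaches a process the caller may see (or hits `goto done`) would avoid that.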
diff -ru sys.orig/sys/proc.h sys/sys/proc.h
--- sys.orig/sys/proc.h Thu Jan 31 12:40:29 2002
+++ sys/sys/proc.h Tue Aug 27 02:29:45 2002
@@ -415,6 +415,7 @@
extern u_long ps_arg_cache_limit;
extern int ps_argsopen;
+extern int ps_showallprocs;
struct proc *pfind __P((pid_t)); /* Find process by id. */
struct pgrp *pgfind __P((pid_t)); /* Find process group by id. */
>Release-Note:
>Audit-Trail:
>Unformatted:
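A way to check the behavior reported above from an unprivileged account, as an added example that is not part of the original report or the FreeBSD source. The function names are hypothetical, and the script assumes each /proc/<pid> directory is reported as owned by the uid of its process.

```shell
#!/bin/sh
# Added example: list /proc entries that belong to other users.
# Assumption: each /proc/<pid> directory is owned by the uid of the process.

# foreign_proc_entries PROCDIR UID
# Prints the name of every all-numeric entry in PROCDIR whose owner is not UID.
foreign_proc_entries() {
    procdir=$1
    myuid=$2
    for entry in "$procdir"/*; do
        name=${entry##*/}
        # Keep only pid directories; skip curproc and other names.
        case $name in
            ''|*[!0-9]*) continue ;;
        esac
        # The process may exit between the glob and the ls; skip it then.
        owner=$(ls -ldn "$entry" 2>/dev/null | awk '{print $3}')
        [ -n "$owner" ] || continue
        [ "$owner" = "$myuid" ] || echo "$name"
    done
}

# check_proc_hiding PROCDIR UID
# Returns 0 when no foreign pid is visible, 1 otherwise (and lists them).
check_proc_hiding() {
    leaked=$(foreign_proc_entries "$1" "$2")
    if [ -n "$leaked" ]; then
        echo "visible pids owned by other users:" $leaked
        return 1
    fi
    return 0
}

# Run as an unprivileged user after "sysctl kern.ps_showallprocs=0":
#   sh check_proc.sh --check
if [ "${1:-}" = "--check" ]; then
    check_proc_hiding /proc "$(id -u)"
fi
```

A non-zero exit with the sysctl set to 0 means /proc still exposes pids that `ps ax` hides.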
