Date: Mon, 1 Mar 2004 09:32:27 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
To: Andy Gilligan <andy@glbx.net>
Cc: freebsd-security@freebsd.org
Subject: Re: procfs + chmod = no go
Message-ID: <Pine.NEB.3.96L.1040301092941.62987H-100000@fledge.watson.org>
In-Reply-To: <20040301125053.GA94405@vega.glbx.net>

On Mon, 1 Mar 2004, Andy Gilligan wrote:

> > Why?  They can get the same information from ps(1) or the kern.proc
> > sysctl tree.
> >
> > (in 5.2, you can set security.bsd.see_other_uid to 0 to prevent users
> > from seeing other users' processes)
>
> Surely kern.ps_showallprocs would accomplish the same thing in 4.x ?

kern.ps_showallprocs changes the behavior of the ps(1) command and kernel
sysctls for process listing, but does not provide comprehensive coverage
against probing using kill(2), ptrace(2), and other system calls which
report different protection errors when pointed at undesired targets,
procfs, linprocfs, etc.  In 5.x, we centralized inter-process access
control, improving both its consistency and our ability to instrument it
with new policies as part of the MAC Framework.  So there is a pretty
strong quantitative difference between kern.ps_showallprocs in 4.x and
security.bsd.see_other_uids in 5.x.  These changes would be fairly
straightforward to backport, but would be complicated by the fact that
procfs in 4.x and procfs in 5.x are substantially different.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research
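
The coverage gap described in the message above can be checked from an unprivileged account. The following is an added example, not part of the original e-mail or of FreeBSD: it uses kill(2) with signal 0 (permission check only, nothing is delivered) and counts PIDs that answer EPERM rather than ESRCH, which is the "different protection error" that discloses a process the listing interfaces hide. The function names and the PID range are assumptions chosen for illustration.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum visibility { VIS_SIGNALABLE, VIS_DISCLOSED, VIS_HIDDEN, VIS_OTHER };

/* Map the outcome of kill(pid, 0) to what it tells the caller. */
enum visibility classify(int rc, int err)
{
    if (rc == 0)
        return VIS_SIGNALABLE;  /* exists and the caller may signal it */
    if (err == EPERM)
        return VIS_DISCLOSED;   /* exists but access denied: existence leaked */
    if (err == ESRCH)
        return VIS_HIDDEN;      /* absent, or indistinguishable from absent */
    return VIS_OTHER;
}

/* Signal 0 runs the kernel's access check without delivering a signal. */
enum visibility probe(pid_t pid)
{
    errno = 0;
    int rc = kill(pid, 0);
    return classify(rc, errno);
}

/* Count PIDs in [lo, hi] that reveal themselves through a distinct error. */
int count_disclosed(pid_t lo, pid_t hi)
{
    int n = 0;
    for (pid_t p = lo; p <= hi; p++)
        if (probe(p) == VIS_DISCLOSED)
            n++;
    return n;
}

int main(void)
{
    /* Run as an unprivileged user; 1..1000 is an arbitrary sample range. */
    int n = count_disclosed(1, 1000);
    printf("%d PIDs answered EPERM (existence disclosed)\n", n);
    return n != 0;  /* non-zero exit: process hiding is not comprehensive */
}
```

A count of zero with the hiding policy enabled is the result to expect when visibility is enforced in the access-control path itself, as the message describes for 5.x; a non-zero count means only the listing interfaces are filtered.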