Site Navigation

Date:      Sun, 5 Jan 2003 20:46:50 +0000
From:      "Cache" <cache@sowatech.com.pl>
To:        bugtraq@securityfocus.net
Cc:        freebsd-bugs@freebsd.org
Subject:   ps information leak in FreeBSD
Message-ID:  <20030105204650.M16523@sowatech.com.pl>

---

next in thread | raw e-mail | index | archive | help

---

[-- Attachment #1 --]
Nothing special, lame :)

Hi,

0x01 About
0x02 Practical
0x03 Conclusion
0x04 Install
0x05 End
0x06 Greetz


0x01 About:

Autor: Rafael Lesniak / 05012003 Hannover / cache@irc.pl 
Sorry for My English

This is a little information leak. This bug(?) is not dangerous, but
normal user can see all process on the box using ex. /bin/ps;

Affected Systems:
FreeBSD		:possible all
OpenBSD		:don't known
Linux		:don't known
Other		:don't known

0x02 Practical:

(I don't use /proc.)

Last login: Sun Jan  5 00:13:01 on ttyv0
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
    The Regents of the University of California.  All rights reserved.

FreeBSD 4.7-RELEASE (SILENT) #1: Sun Jan  5 00:10:51 GMT 2003

Welcome to FreeBSD!


[cache@silent][ttyv1] ~> grep "FreeBSD:" /usr/src/sys/i386/conf/LINT
# $FreeBSD: src/sys/i386/conf/LINT,v 1.749.2.124 2002/10/05 18:31:47 scottl 
Exp

[cache@silent][ttyv1] ~> sysctl -a | grep show
kern.ps_showallprocs: 0
[cache@silent][ttyv1] ~> ps -auxwwwp 101
USER   PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED      TIME COMMAND
root   101  0,0  0,2  1020  740  ??  Is    0:12     0:00,01 /usr/sbin/cron

ps [-aCcefhjlmrSTuvwx] [-M core] [-N system] [-O fmt] [-o fmt] [-p pid]
    [-t tty] [-U username]

-p      Display information associated with the specified process ID.

--- cut ---

0x03 Conclusion:

I hope it is good idea to protect all process information 
(any way, for what We need kern.ps_showallprocs?)

[cache@silent][ttyv1] ~> cat info.sh
#!/bin/sh
pid=0;
while x=0; do
/bin/ps -auxwwwp $pid | /usr/bin/grep $pid;
pid=`expr $pid + 1`;
done

--- cut ---

See out.log how it works.

0x04 Install:

$ mkdir /tmp/patch
$ cp proc-patch.tar.gz /tmp/patch
$ cd /tmp/patch
$ tar -zxvf proc-patch.tar.gz
$ su
# patch -p0 < proc.patch

--- cut ---
Hmm...  Looks like a new-style context diff to me...
The text leading up to this was:
--------------------------
|*** /usr/src/sys/kern/kern_proc.c      Tue May  1 13:39:06 2001
|--- /usr/src/sys/kern/kern_proc.c      Sun Jan  5 00:18:40 2003
--------------------------
Patching file /usr/src/sys/kern/kern_proc.c using Plan A...
Hunk #1 succeeded at 453.
done
--- cut --- 

configure Your kernel, compile, install and thats all.

0x05 End: 

I have make this little patch for My FreeBSD box, and this method 
doesn't work. May be it is possible to do, but this is not My
skill level );] ...

0x06 Greetz: 
    kador, Lam3rz, layon, ultor, neutrinka, !pl-bsd, and 
	all lamerz ...


## Rafal (cache) Lesniak   #######
CoSysOp cache /at/ sowatech.com.pl
### http://www.sowatech.com.pl ###

[-- Attachment #2 --]
��>�Zys����Œ��s'��c7馮*)�Z�vE�I��8�Q�*���o ��Z��Nf�7p�X����l�Dn'v2wһ����X���D�T��9-���eô���U����q$Q�fNp�u�	�1n6a��}]�����q�M'w�B�N�S�Z��T�񚦙���=+7��\��.���N%�F?���l���؄Q����q��l6��[�����v����@������O�Q2州fC5$��g��ͺ~tu����o�z���k���:�:	����g����D!���2��@5@E�)���
��+B^@-
��	?`U�%�0ž!pB�lڇ�� -<�K@��R��1Lj�@OJ ]���K�+Z�4DK���[U!�s��d$(m��R<7
�J7�H[XS5(�*��v_y��^���Rʞȭ���B�_R�U��{�������9_��i���M����A[���
3�A��d��'Q�	{�+'�a���g�NN��Tu������7��ˠӑ��)Ɨut
۠�;Wl� 
�%(�S��Zk��?�ܺ��7���A��~��(�'��|b�"tY"�`@��Z��jF��Mf�E�'4�.R#�t�_�
�S�}3���f�
�J����f��Q�mʴ�`D�B�!o��%�~PŦ��;U	�M�p�E	���ۺa��<�<�IXk�Bղ��x���‡�,���q]g^�9/
�4�V�4"٩�5��r�3H�5��ڑ��-�� vm�΃(O1�tb��
Yj�)kg�j:�1e������%�H��l���U@����1�������n@��1�:�k@�
��JY��V@u;�R�zհ
<WURz�p�V�P����k@s�늀��)�v��~��%�3�wŲl
�Z�~&�V�}&�^�&�Qh|&�fž4?Ъ�>Ъ�
U�L��ԄC
0�y!�^�$�W:k�)����Jg��h�W:V5��ˉ%Г��[.'�t��ܔ�'�5����
��;���M����侶^BYm-��G5̚v��vۦk��_~Ld�ٕ����]��:q3�0���e4�P�:C�:�jj=
�^g��~�d��.m�j��z0x�D�Л:IO��f\lj�Po�̂�N�∌�"��%U��OE�%$*#�Uq�Q!�:q�\��4Xc�t��o�&}�H���;.�)u�d@�((�(�@@�ܰ����e_�҉W�O����7��O�_`�$��F
!�i_�
�;=��.�2�Fz�
�K��R���E�\�����8cI �-EH9�AюtjUD(émJo`Ъg����,���EW� ���97��Y�����X��*٘���Dɼ�� ª��p��H̥����
�*2t@ʭ��yr9� Ć�,m-n�87��ˣ��q֯�(�X��\��Z�[A�o!j�Ҷ�U9^ؖ�p�f�U��pX�mb����/)b�����eIǻ5%��BM��R�W�f�@a��w%��+����2슱�R@�L�*.յ�X-���V��Vc���ꉗb<F�-�C6��^�U4i��G�lр��U�6�B5ok���΅O�T��k70*鿈��S��r����~�5s���֗��������;~�Ǿ�YV���"����h����B�?.�N&.�ۻfI(�=�{9�3g�_�S��
�4�T�t:�u㋖����J����c�[t�&`�����%,˓Zd������z���d��Ż��LJm�yŸ݆x��=OxG�1
@��h�A�_@����,M�׉��O�:��;�OYz�u�j�O^��KpN�y�%b�E���笶�����>R��}�,ai�i�{~�tc{{bv,I�~�����<�o�m���mX
jy�_���������
����Q���(�t��Yj���Ћ(�x��1s=�o������k+
�c5wp��ś*�J7�pQ�O58�B��S/
��'!J�
8G�a�O	c�{EF(�A�E�`ӱzk�{�a4E��m��0J�������+��ۗ.&^
�s����g�?V&��!w�3�b�e~�z��G�XQ����%Q���B����.F��1�	-��2,�.�9��rc�.�[����c����E�� (?���<<���Q�z���S^�,,��,�>��0��ʩ�󍾗��d�oC(��	�s(29���I��u�`sw�X��d�)Q�x�xW���}�}���QGSm~��>Gq��+<@]�P��3��X��u��R/[�C��P��.�
JT<.�0����QWY�
���9?>=>Ckxrz��b�S \��tvQ��g��nA��M�Ma:��#oo���ҷ��?�ض�M9r�M5�y�m��(�NO^\(���@�>�=ڵ�~W�R\| Gj��z
f=��uR7B���y���"�Cǁ�<](<�v7r�H=��_�b�~=<>G-�:9�G��^ã��3<����C\�\\`.�8�����"�\����˳��G5�?�o��x'�]5je=X���(�ߛ�s���_~�/��l������[/�,Їx�%���7�e#�������q+潯����o��8�����E�l#w�Sg^6�*"��î����U�J���F������N`�k2P��hވ9�%�`P	2J�	0sm�f\��� d��6�?��a7.�\n�P�[:��輣
�U�1L�ۇ�WT(�Y�\�]��P^�Bp=�0�gA�uv�1��.��������9�ٝ�����x5��eEb��M���A��b@:�����5Fg����f�w��$��4`8Z�NtcR����bƓ����ߩ%��G�����������{s�������^v?��~�||�
��<�� ��w]�`�a�H�໅�HBE�aӻ����DX;���w�On�%s�rz�bu0M�YaK���p<g� pPgB�e�/�^˔���]��ȀetT����S�
q_.=y��Q��H�Že�p�P�kY������o�KA�w�I��kg%m8u-y�˫E�!�3��<K���iÃ��\���Me�O��b�����j���j���j���j���j���j���j����}��F\�KP

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030105204650.M16523>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact