Date: Mon, 21 Aug 2000 12:53:53 -0700 (PDT) From: FengYue <fengyue@bluerose.windmoon.nu> To: Mike <mike@mikesweb.com> Cc: James Housley <jim@thehousleys.net>, freebsd-isp@FreeBSD.ORG Subject: Re: ps question Message-ID: <Pine.BSF.4.10.10008211250290.14234-100000@bluerose.windmoon.nu> In-Reply-To: <4.3.2.7.2.20000821014336.00b81aa0@127.0.0.1>
next in thread | previous in thread | raw e-mail | index | archive | help
What's the use of all those hacks in ps code? People can simply either
access /proc or directly call kvm_* () functions to get a full list of
processes running on the machine, or even simply ftp a ps binary
from another freebsd machine.
On Mon, 21 Aug 2000, Mike wrote:
> tried that, (and changed the line to if (getuid() > 999 || getgid() > 999)
> so anything that's not a regular user can use it. no luck, can still ps -a
> as a regular user and see everything running..
>
> At 10:11 PM 8/20/2000 -0400, you wrote:
> >++ 20/08/00 20:51 -0400 - Mike:
> > >Quick question, how do I make 'ps' work so no matter how users run it, it
> > >only shows them their processes, and only root can see what -a would
> > display?
> > >thanks
> >
> >It shouldn't be too hard or re-write ps so that at the top while/after
> >processing the command line args the user-id is checked, getuid(2)?. If
> >it is is ZERO then nothing special. If it is not ZERO then limit.
> >
> >Here is a very simple hack:
> >--- ps.c Thu Jul 13 14:16:49 2000
> >+++ ps-limited.c Sun Aug 20 22:09:53 2000
> >@@ -121,6 +121,7 @@
> > dev_t ttydev;
> > pid_t pid;
> > uid_t uid;
> >+ int isroot;
> > int all, ch, flag, i, fmt, lineno, nentries, dropgid;
> > int prtheader, wflag, what, xflg;
> > char *nlistf, *memf, *swapf, errbuf[_POSIX2_LINE_MAX];
> >@@ -138,6 +139,10 @@
> > if (argc > 1)
> > argv[1] = kludge_oldps_options(argv[1]);
> >
> >+ if (getuid() == 0 || getgid() == 0)
> >+ isroot = 1;
> >+ else
> >+ isroot = 0;
> > all = fmt = prtheader = wflag = xflg = 0;
> > pid = -1;
> > uid = (uid_t) -1;
> >@@ -152,7 +157,8 @@
> > #endif
> > switch((char)ch) {
> > case 'a':
> >- all = 1;
> >+ if (isroot)
> >+ all = 1;
> > break;
> > case 'C':
> > rawcpu = 1;
> >
> >Jim
> >--
> >"Eagles may soar, but weasels don't get sucked into jet engines"
> > -- Anon
> >
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-isp" in the body of the message
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10008211250290.14234-100000>