Date: Mon, 21 Aug 2000 15:59:11 -0400 From: Mike <mike@mikesweb.com> To: FengYue <fengyue@bluerose.windmoon.nu> Cc: freebsd-isp@freebsd.org Subject: Re: ps question Message-ID: <4.3.2.7.2.20000821155501.06384920@127.0.0.1> In-Reply-To: <Pine.BSF.4.10.10008211250290.14234-100000@bluerose.windmoo n.nu> References: <4.3.2.7.2.20000821014336.00b81aa0@127.0.0.1>
next in thread | previous in thread | raw e-mail | index | archive | help
I just put together a hosting server for an isp, and they want to try as much as possible "private" from user to user.. I looked into using jail, but don't think they'd need that much right now.. I've gone over the security info on the freebsd web site, now I was just working on making it so users wouldn't be "watching" everything that goes on. At 12:53 PM 8/21/2000 -0700, you wrote: >What's the use of all those hacks in ps code? People can simply either >access /proc or directly call kvm_* () functions to get a full list of >processes running on the machine, or even simply ftp a ps binary >from another freebsd machine. > >On Mon, 21 Aug 2000, Mike wrote: > > > tried that, (and changed the line to if (getuid() > 999 || getgid() > 999) > > so anything that's not a regular user can use it. no luck, can still ps -a > > as a regular user and see everything running.. > > > > At 10:11 PM 8/20/2000 -0400, you wrote: > > >++ 20/08/00 20:51 -0400 - Mike: > > > >Quick question, how do I make 'ps' work so no matter how users run > it, it > > > >only shows them their processes, and only root can see what -a would > > > display? > > > >thanks > > > > > >It shouldn't be too hard or re-write ps so that at the top while/after > > >processing the command line args the user-id is checked, getuid(2)?. If > > >it is is ZERO then nothing special. If it is not ZERO then limit. > > > > > >Here is a very simple hack: > > >--- ps.c Thu Jul 13 14:16:49 2000 > > >+++ ps-limited.c Sun Aug 20 22:09:53 2000 > > >@@ -121,6 +121,7 @@ > > > dev_t ttydev; > > > pid_t pid; > > > uid_t uid; > > >+ int isroot; > > > int all, ch, flag, i, fmt, lineno, nentries, dropgid; > > > int prtheader, wflag, what, xflg; > > > char *nlistf, *memf, *swapf, errbuf[_POSIX2_LINE_MAX]; > > >@@ -138,6 +139,10 @@ > > > if (argc > 1) > > > argv[1] = kludge_oldps_options(argv[1]); > > > > > >+ if (getuid() == 0 || getgid() == 0) > > >+ isroot = 1; > > >+ else > > >+ isroot = 0; > > > all = fmt = prtheader = wflag = xflg = 0; > > > pid = -1; > > > uid = (uid_t) -1; > > >@@ -152,7 +157,8 @@ > > > #endif > > > switch((char)ch) { > > > case 'a': > > >- all = 1; > > >+ if (isroot) > > >+ all = 1; > > > break; > > > case 'C': > > > rawcpu = 1; > > > > > >Jim > > >-- > > >"Eagles may soar, but weasels don't get sucked into jet engines" > > > -- Anon > > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > > >with "unsubscribe freebsd-isp" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20000821155501.06384920>