Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 21 Aug 2000 15:59:11 -0400
From:      Mike <mike@mikesweb.com>
To:        FengYue <fengyue@bluerose.windmoon.nu>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: ps question
Message-ID:  <4.3.2.7.2.20000821155501.06384920@127.0.0.1>
In-Reply-To: <Pine.BSF.4.10.10008211250290.14234-100000@bluerose.windmoo n.nu>
References:  <4.3.2.7.2.20000821014336.00b81aa0@127.0.0.1>

next in thread | previous in thread | raw e-mail | index | archive | help
I just put together a hosting server for an isp, and they want to try as 
much as possible "private" from user to user.. I looked into using jail, 
but don't think they'd need that much  right now.. I've gone over the 
security info on the freebsd web site, now I was just working on making it 
so users wouldn't be "watching" everything that goes on.

At 12:53 PM 8/21/2000 -0700, you wrote:

>What's the use of all those hacks in ps code?  People can simply either
>access /proc or directly call kvm_* () functions to get a full list of
>processes running on the machine, or even simply ftp a ps binary
>from another freebsd machine.
>
>On Mon, 21 Aug 2000, Mike wrote:
>
> > tried that, (and changed the line to if (getuid() > 999 || getgid() > 999)
> > so anything that's not a regular user can use it. no luck, can still ps -a
> > as a regular user and see everything running..
> >
> > At 10:11 PM 8/20/2000 -0400, you wrote:
> > >++ 20/08/00 20:51 -0400 - Mike:
> > > >Quick question, how do I make 'ps' work so no matter how users run 
> it, it
> > > >only shows them their processes, and only root can see what -a would
> > > display?
> > > >thanks
> > >
> > >It shouldn't be too hard or re-write ps so that at the top while/after
> > >processing the command line args the user-id is checked, getuid(2)?.  If
> > >it is is ZERO then nothing special.  If it is not ZERO then limit.
> > >
> > >Here is a very simple hack:
> > >--- ps.c        Thu Jul 13 14:16:49 2000
> > >+++ ps-limited.c        Sun Aug 20 22:09:53 2000
> > >@@ -121,6 +121,7 @@
> > >         dev_t ttydev;
> > >         pid_t pid;
> > >         uid_t uid;
> > >+       int isroot;
> > >         int all, ch, flag, i, fmt, lineno, nentries, dropgid;
> > >         int prtheader, wflag, what, xflg;
> > >         char *nlistf, *memf, *swapf, errbuf[_POSIX2_LINE_MAX];
> > >@@ -138,6 +139,10 @@
> > >         if (argc > 1)
> > >                 argv[1] = kludge_oldps_options(argv[1]);
> > >
> > >+       if (getuid() == 0 || getgid() == 0)
> > >+               isroot = 1;
> > >+       else
> > >+               isroot = 0;
> > >         all = fmt = prtheader = wflag = xflg = 0;
> > >         pid = -1;
> > >         uid = (uid_t) -1;
> > >@@ -152,7 +157,8 @@
> > >  #endif
> > >                 switch((char)ch) {
> > >                 case 'a':
> > >-                       all = 1;
> > >+                       if (isroot)
> > >+                               all = 1;
> > >                         break;
> > >                 case 'C':
> > >                         rawcpu = 1;
> > >
> > >Jim
> > >--
> > >"Eagles may soar, but weasels don't get sucked into jet engines"
> > >     -- Anon
> > >
> > >
> > >To Unsubscribe: send mail to majordomo@FreeBSD.org
> > >with "unsubscribe freebsd-isp" in the body of the message
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> >
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20000821155501.06384920>