Date: Mon, 21 Aug 2000 15:59:11 -0400 From: Mike <mike@mikesweb.com> To: FengYue <fengyue@bluerose.windmoon.nu> Cc: freebsd-isp@freebsd.org Subject: Re: ps question Message-ID: <4.3.2.7.2.20000821155501.06384920@127.0.0.1> In-Reply-To: <Pine.BSF.4.10.10008211250290.14234-100000@bluerose.windmoo n.nu> References: <4.3.2.7.2.20000821014336.00b81aa0@127.0.0.1>
next in thread | previous in thread | raw e-mail | index | archive | help
I just put together a hosting server for an isp, and they want to try as
much as possible "private" from user to user.. I looked into using jail,
but don't think they'd need that much right now.. I've gone over the
security info on the freebsd web site, now I was just working on making it
so users wouldn't be "watching" everything that goes on.
At 12:53 PM 8/21/2000 -0700, you wrote:
>What's the use of all those hacks in ps code? People can simply either
>access /proc or directly call kvm_* () functions to get a full list of
>processes running on the machine, or even simply ftp a ps binary
>from another freebsd machine.
>
>On Mon, 21 Aug 2000, Mike wrote:
>
> > tried that, (and changed the line to if (getuid() > 999 || getgid() > 999)
> > so anything that's not a regular user can use it. no luck, can still ps -a
> > as a regular user and see everything running..
> >
> > At 10:11 PM 8/20/2000 -0400, you wrote:
> > >++ 20/08/00 20:51 -0400 - Mike:
> > > >Quick question, how do I make 'ps' work so no matter how users run
> it, it
> > > >only shows them their processes, and only root can see what -a would
> > > display?
> > > >thanks
> > >
> > >It shouldn't be too hard or re-write ps so that at the top while/after
> > >processing the command line args the user-id is checked, getuid(2)?. If
> > >it is is ZERO then nothing special. If it is not ZERO then limit.
> > >
> > >Here is a very simple hack:
> > >--- ps.c Thu Jul 13 14:16:49 2000
> > >+++ ps-limited.c Sun Aug 20 22:09:53 2000
> > >@@ -121,6 +121,7 @@
> > > dev_t ttydev;
> > > pid_t pid;
> > > uid_t uid;
> > >+ int isroot;
> > > int all, ch, flag, i, fmt, lineno, nentries, dropgid;
> > > int prtheader, wflag, what, xflg;
> > > char *nlistf, *memf, *swapf, errbuf[_POSIX2_LINE_MAX];
> > >@@ -138,6 +139,10 @@
> > > if (argc > 1)
> > > argv[1] = kludge_oldps_options(argv[1]);
> > >
> > >+ if (getuid() == 0 || getgid() == 0)
> > >+ isroot = 1;
> > >+ else
> > >+ isroot = 0;
> > > all = fmt = prtheader = wflag = xflg = 0;
> > > pid = -1;
> > > uid = (uid_t) -1;
> > >@@ -152,7 +157,8 @@
> > > #endif
> > > switch((char)ch) {
> > > case 'a':
> > >- all = 1;
> > >+ if (isroot)
> > >+ all = 1;
> > > break;
> > > case 'C':
> > > rawcpu = 1;
> > >
> > >Jim
> > >--
> > >"Eagles may soar, but weasels don't get sucked into jet engines"
> > > -- Anon
> > >
> > >
> > >To Unsubscribe: send mail to majordomo@FreeBSD.org
> > >with "unsubscribe freebsd-isp" in the body of the message
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> >
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20000821155501.06384920>