Date: Mon, 6 Jan 2003 03:03:21 +0200
From: Giorgos Keramidas
To: Cache
Cc: freebsd-bugs@FreeBSD.ORG
Subject: Re: ps information leak in FreeBSD

On 2003-01-05 20:46, Cache wrote:
> This is a little information leak. This bug(?) is not dangerous, but
> normal user can see all process on the box using ex. /bin/ps;

Are you sure you're not doing something wrong?

I don't have a 4.X system near to check this but on 5.X the
security.bsd.see_other_uids sysctl works as expected:

    $ sysctl security.bsd.see_other_uids
    security.bsd.see_other_uids: 1
    $ ps auw | grep -v grep | grep root
    root 492 0.0 0.2 1480 1180 v0 Is+ 6:33PM 0:00.04 login [pam] (login)
    root 493 0.0 0.2 1480 1180 v1 Is+ 6:33PM 0:00.04 login [pam] (login)
    root 494 0.0 0.2 1112 828 v2 Is+ 6:33PM 0:00.00 /usr/libexec/getty Pc ttyv2
    root 495 0.0 0.2 1112 828 v3 Is+ 6:33PM 0:00.00 /usr/libexec/getty Pc ttyv3
    root 1453 0.0 0.3 1720 1372 v0 S+ 11:46PM 0:00.08 screen -ar
    root 1462 0.0 0.2 1396 1280 p0 Is 11:46PM 0:00.06 -/usr/local/bin/bash
    root 2744 0.0 0.2 1460 1120 p0 I 12:47AM 0:00.01 su -l ncvs

    ( Log in as root. Set security.bsd.see_other_uids=0. )

    $ sysctl security.bsd.see_other_uids
    security.bsd.see_other_uids: 0
    $ ps auw | grep -v grep | grep root
    $

- Giorgos
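
The check Giorgos runs by hand above, scripted so that a mismatch between the sysctl value and what ps actually lists is flagged. This is an added example, not part of the original message; the function names, the sample rows and the user "giorgos" in them are constructed for illustration, and the input is assumed to be `ps auw` output with its header line.

```sh
#!/bin/sh
# Added example (not from the original message). Input format assumed:
# `ps auw` output with its header line, owner in column 1.

# Constructed sample: root rows modelled on the message, plus one row
# for a hypothetical unprivileged user "giorgos".
SAMPLE_PS='USER     PID %CPU %MEM  VSZ  RSS TT STAT STARTED    TIME COMMAND
root     492  0.0  0.2 1480 1180 v0 Is+   6:33PM 0:00.04 login [pam] (login)
root    1453  0.0  0.3 1720 1372 v0 S+   11:46PM 0:00.08 screen -ar
giorgos 1500  0.0  0.2 1396 1280 p1 Ss   11:50PM 0:00.05 -bash'

# Print each distinct process owner other than user $1 (ps output on stdin).
foreign_owners() {
    awk -v me="$1" 'NR > 1 && $1 != me && !seen[$1]++ { print $1 }'
}

# check_visibility VALUE USER  (ps output on stdin)
# VALUE is the security.bsd.see_other_uids setting. Returns 1 when the
# setting is 0 yet processes of other users are still listed.
check_visibility() {
    value=$1
    others=$(foreign_owners "$2" | tr '\n' ' ')
    if [ "$value" = "0" ] && [ -n "$others" ]; then
        echo "LEAK: see_other_uids=0 but processes visible for: $others"
        return 1
    fi
    echo "OK: see_other_uids=$value, other owners visible: ${others:-none}"
}

# Live use on FreeBSD, from an unprivileged account:
#   ps auw | check_visibility "$(sysctl -n security.bsd.see_other_uids)" "$(id -un)"

# Demo on the constructed sample: setting 0 with root rows visible is flagged.
printf '%s\n' "$SAMPLE_PS" | check_visibility 0 giorgos || true
```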