Date: Sat, 11 Sep 1999 14:12:00 +0200 (CEST)
From: Blaz Zupan
To: freebsd-current@freebsd.org
Subject: ps doesn't need privileges?

Please don't flame me if I'm asking something stupid, but I'm a bit confused. I always thought that /bin/ps needs to be setgid kmem to be able to display the process list. And this in fact seems to be the fact under 2.2.8:

/home/blaz> uname -a
FreeBSD server.amis.net 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE #0: Mon Dec 14 19:22:23 CET 1998 blaz@server.amis.net:/usr/src/sys/compile/SERVER i386
/home/blaz> ls -la /bin/ps
-r-xr-sr-x 1 bin kmem 176128 Oct 26 1998 /bin/ps
/home/blaz> cp /bin/ps /tmp
/home/blaz> ls -la /tmp/ps
-r-xr-xr-x 1 blaz bin 176128 Sep 11 14:08 /tmp/ps
/home/blaz> /tmp/ps ax
ps: /dev/mem: Permission denied

As expected, a copy of ps without setgid kmem can't display the process list. But under 3.2 and higher, it is!
Here is what happens under 4.0-CURRENT (same thing under 3.2):

/home/blaz> uname -a
FreeBSD gold.amis.net 4.0-CURRENT FreeBSD 4.0-CURRENT #0: Sat Sep 4 19:03:23 CEST 1999 blaz@gold.amis.net:/home/blaz/FreeBSD/src/sys/compile/GOLD i386
/home/blaz> ls -la /bin/ps
-r-xr-sr-x 1 root kmem 197820 Aug 7 12:42 /bin/ps*
/home/blaz> cp /bin/ps /tmp
/home/blaz> ls -la /tmp/ps
-r-xr-xr-x 1 blaz wheel 197820 Sep 11 14:09 /tmp/ps*
/home/blaz> /tmp/ps ax
  PID  TT  STAT      TIME COMMAND
    0  ??  DLs    0:00.00  (swapper)
    1  ??  ILs    0:00.00  (init)
    2  ??  DL     0:00.00  (pagedaemon)
    3  ??  DL     0:00.00  (vmdaemon)
    4  ??  DL     0:00.00  (bufdaemon)
.....etc.

What am I missing? How is a totally unprivileged process able to display a list of processes?

Blaz Zupan, blaz@amis.net, http://www.herbie.amis.net
Medinet d.o.o., Linhartova 21, 2000 Maribor, Slovenia