Date:      Tue, 22 Aug 2000 10:39:32 -0700
From:      Paul Saab <paul@mu.org>
To:        Bill Fumerola <billf@chimesnet.com>
Cc:        FengYue <fengyue@bluerose.windmoon.nu>, Mike <mike@mikesweb.com>, James Housley <jim@thehousleys.net>, freebsd-isp@FreeBSD.ORG
Subject:   Re: ps question
Message-ID:  <20000822103932.A62542@elvis.mu.org>
In-Reply-To: <20000821155159.F65562@jade.chc-chimes.com>; from billf@chimesnet.com on Mon, Aug 21, 2000 at 03:51:59PM -0400
References:  <4.3.2.7.2.20000821014336.00b81aa0@127.0.0.1> <Pine.BSF.4.10.10008211250290.14234-100000@bluerose.windmoon.nu> <20000821155159.F65562@jade.chc-chimes.com>


--AhhlLboLdkugWU4S
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Bill Fumerola (billf@chimesnet.com) wrote:
> On Mon, Aug 21, 2000 at 12:53:53PM -0700, FengYue wrote:
> > 
> > What's the use of all those hacks in ps code?  People can simply either
> > access /proc or directly call kvm_* () functions to get a full list of
> > processes running on the machine, or even simply ftp a ps binary
> > from another freebsd machine. 
> 
> Exactly. If you don't want users snooping around, installing a watered
> down ps(1) isn't going to help much.
> 
> Unmounting /proc may help, not giving users that would abuse an account
> might help, giving users restricted shells might help, a bullet in the
> head of people who abuse your system might help, but a watered down ps(1)
> sadly won't.

Not only that, you still have access to the sysctl as any user to pull
all the processes, so a watered down ps isn't going to help, but this
patch will.. :)

If I get some time, I can do something similar for procfs.

paul

--AhhlLboLdkugWU4S
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="ps.diff"

Index: kern_proc.c
===================================================================
RCS file: /shit/FreeBSD4/cvs/src/sys/kern/kern_proc.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- kern_proc.c	2000/07/22 08:02:17	1.1
+++ kern_proc.c	2000/08/19 16:36:17	1.2
@@ -55,6 +55,10 @@
 static MALLOC_DEFINE(M_PROC, "proc", "Proc structures");
 MALLOC_DEFINE(M_SUBPROC, "subproc", "Proc sub-structures");
 
+static int ps_showallprocs = 1;
+SYSCTL_INT(_kern, OID_AUTO, ps_showallprocs, CTLFLAG_RW,
+    &ps_showallprocs, 0, "");
+
 static void pgdelete	__P((struct pgrp *));
 
 /*
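Review bot: the SYSCTL_INT declaration passes an empty description string (""), and the knob is named ps_showallprocs although it is tested inside the sysctl_kern_proc handler rather than in ps(1), so it changes what every consumer of that sysctl sees. Suggest a description stating that 0 limits the listing to processes the caller is allowed to see, and a short comment that the initial value of 1 keeps the existing behaviour. Since it is declared CTLFLAG_RW, the description is also the place to say that it is meant to be set by the administrator.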
@@ -522,7 +526,7 @@
 }
 
 static int
-sysctl_kern_proc SYSCTL_HANDLER_ARGS
+sysctl_kern_proc(SYSCTL_HANDLER_ARGS)
 {
 	int *name = (int*) arg1;
 	u_int namelen = arg2;
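Review bot: the change to sysctl_kern_proc(SYSCTL_HANDLER_ARGS) is unrelated to the visibility filter, and it is correct only if SYSCTL_HANDLER_ARGS in the target tree expands without its own parentheses, which the patch does not show. Suggest splitting this and the matching change to sysctl_kern_proc_args into a separate style commit, or dropping both if the macro in this tree already carries the parentheses.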
@@ -561,6 +565,11 @@
 			p = LIST_FIRST(&zombproc);
 		for (; p != 0; p = LIST_NEXT(p, p_list)) {
 			/*
+			 * Show a user only their processes
+			 */
+			if ((!ps_showallprocs) && p_trespass(curproc, p))
+				continue;
+			/*
 			 * Skip embryonic processes.
 			 */
 			if (p->p_stat == SIDL)
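Review bot: the new p_trespass(curproc, p) test sits ahead of the existing "Skip embryonic processes" check, so it is evaluated on entries with p_stat == SIDL that the loop discards immediately afterwards. Moving the filter below the SIDL check avoids inspecting a process that is still being set up. The comment "Show a user only their processes" should also say what p_trespass actually permits, for example whether a privileged caller still sees every process, and the extra parentheses around !ps_showallprocs can go.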
@@ -618,7 +627,7 @@
  * title to a string of its own choice.
  */
 static int
-sysctl_kern_proc_args SYSCTL_HANDLER_ARGS
+sysctl_kern_proc_args(SYSCTL_HANDLER_ARGS)
 {
 	int *name = (int*) arg1;
 	u_int namelen = arg2;
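Review bot: sysctl_kern_proc_args receives only the signature change and no ps_showallprocs test, so with the knob set to 0 this handler is restricted only if its body already checks the caller against the target process, which the hunk does not show. Suggest confirming that, or adding the same ps_showallprocs and p_trespass test here so that the arguments of other users' processes are hidden along with the process list.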

--AhhlLboLdkugWU4S--

