From owner-freebsd-questions@FreeBSD.ORG  Tue Jun  7 04:52:29 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C97CA16A41C
	for <freebsd-questions@freebsd.org>;
	Tue,  7 Jun 2005 04:52:29 +0000 (GMT)
	(envelope-from jamie@gnulife.org)
Received: from floyd.gnulife.org (ns1.gnulife.org [199.86.32.49])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7203443D1D
	for <freebsd-questions@freebsd.org>;
	Tue,  7 Jun 2005 04:52:29 +0000 (GMT)
	(envelope-from jamie@gnulife.org)
Received: from floyd.gnulife.org (localhost.gnulife.org [127.0.0.1])
	by floyd.gnulife.org (8.12.11/8.12.11) with ESMTP id j574pZ7R021085
	for <freebsd-questions@freebsd.org>;
	Mon, 6 Jun 2005 23:51:35 -0500 (CDT)
	(envelope-from jamie@gnulife.org)
Received: from localhost (jamie@localhost)
	by floyd.gnulife.org (8.12.11/8.12.9/Submit) with ESMTP id
	j574pZN3021082 for <freebsd-questions@freebsd.org>;
	Mon, 6 Jun 2005 23:51:35 -0500 (CDT)
	(envelope-from jamie@gnulife.org)
X-Authentication-Warning: floyd.gnulife.org: jamie owned process doing -bs
Date: Mon, 6 Jun 2005 23:51:35 -0500 (CDT)
From: Midnight Oil <jamie@gnulife.org>
To: freebsd-questions@freebsd.org
Message-ID: <20050606234735.D21034@floyd.gnulife.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: Permissions on ps
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2005 04:52:29 -0000




   I'm having difficulty understanding just how it is a regular
with simple priviliges is able to run ps.


ps accesses /dev/kmem to get a process list.


floyd% ls -al /dev/kmem
crw-r-----  1 root  kmem    2,   1 Jan 16  2004 /dev/kmem

 -- /dev/kmem is read/write accessable to root, and read accessable to
anyone in group kmem.



floyd% ls -al /bin/ps
-r-xr-xr-x  1 root  wheel  215368 Oct 27  2003 /bin/ps*


 -- /bin/ps is owned by root:wheel, no suid or sgid, so it should run as
whoever starts it (world executable).


  Million $$ question:
  How is it that anyone can run ps if ps accesses /dev/kmem? It shouldn't
be able to open that device. Any idea?



   - Jme






The Moon is New