From owner-freebsd-hackers@FreeBSD.ORG Wed Jul 25 15:14:23 2007 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9EFD616A420 for ; Wed, 25 Jul 2007 15:14:23 +0000 (UTC) (envelope-from victorloureirolima@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.176]) by mx1.freebsd.org (Postfix) with ESMTP id 691DA13C442 for ; Wed, 25 Jul 2007 15:14:23 +0000 (UTC) (envelope-from victorloureirolima@gmail.com) Received: by wa-out-1112.google.com with SMTP id j37so263335waf for ; Wed, 25 Jul 2007 08:14:23 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=StAHZEuqphJWxmgjKoUaUP0vRk9HkigVGohE5nn3DH5AY09wtJSnOMygAvgKl1ZMnXEX+lEkbhd0HQdmRDdCey2GFWQA7xtaBnli0V2FlGzLVlNWR6yNdVFgoN3iKLZLV5fCOVKEjeTeKdvcOD+mqo2P3AshtQVSQOcpJkL8a7I= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lWHuWmOVeocKv9NUpdPGxHP4TBBKs2jOauQIodC7V7XYXEAemhz7X21f/OuIonI7ylyfYDh1WkiSkN8B7/tER5Vl4PSjeiIgpO+nqXAUr4baJoKmF4oW+Jt38MSAjSaOw7QEtQ4WYH12AVsXmZqOxc/xbe0gAbG4xK2b8WI9RP4= Received: by 10.115.18.1 with SMTP id v1mr750724wai.1185376463151; Wed, 25 Jul 2007 08:14:23 -0700 (PDT) Received: by 10.114.177.7 with HTTP; Wed, 25 Jul 2007 08:14:23 -0700 (PDT) Message-ID: Date: Wed, 25 Jul 2007 12:14:23 -0300 From: "Victor Loureiro Lima" To: "John-Mark Gurney" , "Victor Loureiro Lima" , "Daniel Molina Wegener" , "FreeBSD Hackers" In-Reply-To: <20070724225157.GI99491@funkthat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <200707232052.58485.dmw@unete.cl> <20070724184355.GH99491@funkthat.com> <20070724225157.GI99491@funkthat.com> Cc: Subject: Re: A few questions... X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jul 2007 15:14:23 -0000 2007/7/24, John-Mark Gurney : > Victor Loureiro Lima wrote this message on Tue, Jul 24, 2007 at 16:35 -0300: > > 2007/7/24, John-Mark Gurney : > > >Daniel Molina Wegener wrote this message on Mon, Jul 23, 2007 at 20:52 > > >-0400: > > >> a) Is there any function or variable that tells me which is the > > >> root user UID in the system, or root always have 0 and it's > > >> an "elegant" option to compare the variables or structure > > >> members against zero. > > > > > >#include > > > > > >uid == UID_ROOT > > > > > >> b) Can normal users look for system processes or kernel threads? > > > > > >Yes, ps does this... > > > > > > > ps(1) either elevates its priviledges during execution, or has some > > other way of medling into the afairs of other processes that will > > eventually need some higher priviledge status (either that, or I am > > really out-dated on modern operational systems) > > hydrogen,ttypm,/home/johng,503$ls -l /bin/ps > -r-xr-xr-x 1 root wheel 31372 May 8 2005 /bin/ps* > > So, as you see, no suid or sgid necessary for ps to function... > FreeBSD exports most/all of the info through sysctl which does not > require elevated privs to get... > > And ps doesn't medling.. it's just a voyeur.. hahaha I liked that phrase ;) Check this out: http://www.freebsd.org/cgi/cvsweb.cgi/src/bin/ps/ps.c?rev=1.106.2.2;content-type=text%2Fplain Turns out ps(1) uses libkvm, more specifically kvm_getprocs() function (the function that I said was in the middle of my last experience on getting process information from FreeBSD ;)) Im pretty sure it doesnt get _any_ of its info thru sysctl's, but using the kvm interface which is simple, clean and orthogonal, however I guess I was a little bit incorrect in my last email, ps(1) in its common execution mode will attempt to retrieve only the processes information that are pertinent to the current user uid, as this snippets from ps.c shows: ----- kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf); if (kd == 0) errx(1, "%s", errbuf); if (!_fmt) parsefmt(dfmt, 0); if (nselectors == 0) { uidlist.l.ptr = malloc(sizeof(uid_t)); if (uidlist.l.ptr == NULL) errx(1, "malloc failed"); nselectors = 1; uidlist.count = uidlist.maxcount = 1; *uidlist.l.uids = getuid(); } ----- So yes, you are correct, it wont need any "root" priviledge in order to get the information about its own processes, but it will need root priviledge to get information on all process running on the system (am I correct? I am assuming a lot of things based on very little source-code reading, so feel free to bash me if I am wrong ;)) I guess the whole sanity checking for permission is done inside libkvm somewhere ;) cheers, victor f. loureiro lima