Date:      Fri, 2 Feb 2001 12:00:46 -0600 (CST)
From:      Mike Meyer <mwm@mired.org>
To:        Odhiambo Washington <wash@iconnect.co.ke>
Cc:        Mike Meyer <mwm@mired.org>, FBSD-Q <freebsd-questions@freebsd.org>
Subject:   Re: kern.securelevel changes?
Message-ID:  <14970.62926.923267.85660@guru.mired.org>
In-Reply-To: <20010202202436.B82567@poeza.iconnect.co.ke>
References:  <92820033@toto.iv> <14970.59812.328312.718346@guru.mired.org> <20010202202436.B82567@poeza.iconnect.co.ke>

Odhiambo Washington <wash@iconnect.co.ke> types:
> * Mike Meyer <mwm@mired.org> [20010202 20:10]: writing on the subject 'Re: kern.securelevel changes?'
> Mike> Omer Faruk Sen <ofsenfreebsd@yahoo.com> types:
> Mike> > hi.
> Mike> > Is there a document that explains all changes when I
> Mike> > switch my kern.securelevel from -1 to 0 or at the same
> Mike> > time switch it from 0 to +1?
> Mike> 
> Mike> The init man page.
> Mike> 
> Mike> > I want to make my users just to see their own process
> Mike> > not other? How can I obtain that? I was thinking that it
> Mike> > was about kern.securelevel but I did -1 --> 0 and
> Mike> > nothing has changed users still can see other
> Mike> > processes
> Mike> 
> Mike> Well, someone claimed there was a sysctl to do that, but I don't see
> Mike> how, as ps reads kernel virtual memory, and once you can do that, you
> Mike> can read the info for any process, not just your own.
> 
> Mike, then in that case how does an ordinary user circumvent this one:
> 
> kern.ps_showallprocs=0 

I was wrong about the way ps behaved - I read the wrong branch of the
if :-(. It actually uses sysctls to get that information, not the
nlist code I was looking at. While you could tweak the code to make it
use the nlist code (which is still there), you'd have to run setgid
kmem or setuid root. If people can do that on your system, you have
more important things to worry about than just setting the sysctl.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

