From: Garance A Drosihn
To: David.E.Tweten@nasa.gov, stable@freebsd.org
Date: Mon, 29 Mar 2004 21:36:57 -0500
Subject: Re: Ps(1) Restricting Command Lines
In-Reply-To: <2580.1080595212@gilmore.nas.nasa.gov>
List-Id: Production branch of FreeBSD source code

At 1:20 PM -0800 3/29/04, Dave Tweten wrote:
>As of my STABLE upgrade to the 8:00 GMT Saturday version, I have
>noticed that ps(1) is behaving differently.  Unless run by root,
>"ps -ax" refuses to print the command line associated with each
>process.  I've checked a couple things:

Now that I have done a complete buildworld, I am seeing about the
same behavior.  I *do* see the command-args for my own processes,
but if run as someone other than root then I don't see the
command-args for other people's processes.

>1.  /bin/ps is not SGID kmem and /dev/kmem permission is set
>    to 0640, but that isn't the cause of this problem (though
>    it may cause others, since the ps(1) man page says it needs
>    to read /dev/kmem).

Changing the group and adding 'chmod g+s' does not seem to help.
(it would not surprise me if the man page is a little out-of-date,
but I don't know that for sure).

>2.  /proc/*/cmdline is owned by root:wheel and has 0444 permissions.
>    It should therefore be usable by ps(1) regardless of who runs it.

Indeed, my non-root process can 'cat /dev//cmdline', but the
`ps' command does not try to open those file(s).  I imagine
that would be a lot more expensive.

>So it looks like command lines should print, but they don't.  Does
>anybody know what's happening here?

The thing is, I also compiled a version of `ps' that is before
my recent barrage of MFC's, and it behaves the same way.  In
that `ps', ps.c has a version of:

    $FreeBSD: src/bin/ps/ps.c,v 1.30.2.6 2002/07/04 08:30:37 sobomax Exp $

So, whatever the issue is, it is not related to my recent string
of changes to `ps' itself.

I also noticed:

    sysctl -a | grep kern.ps
    kern.ps_strings: 3217031152
    kern.ps_arg_cache_limit: 256
    kern.ps_argsopen: 1
    kern.ps_showallprocs: 1

If I change kern.ps_showallprocs=0 on some older 4.x system, that
causes `ps' to behave the way I'm seeing on the latest buildworld.
If I change kern.ps_showallprocs=0 on the latest buildworld, the
only thing it seems to change is that it stops showing me the
command-line for processes where TPGID==0 (more precisely, it
changes the output for one 'sshd'-related process).

I'm no kernel developer, and I have no spare time, so that's about
as far as I can investigate it right now...

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu