From owner-freebsd-security Mon Aug 11 11:26:43 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id LAA21119 for security-outgoing; Mon, 11 Aug 1997 11:26:43 -0700 (PDT)
Received: from kithrup.com (kithrup.com [205.179.156.40]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id LAA21107 for ; Mon, 11 Aug 1997 11:26:39 -0700 (PDT)
Received: (from sef@localhost) by kithrup.com (8.6.8/8.6.6) id LAA20143; Mon, 11 Aug 1997 11:26:38 -0700
Date: Mon, 11 Aug 1997 11:26:38 -0700
From: Sean Eric Fagan
Message-Id: <199708111826.LAA20143@kithrup.com>
To: security@freebsd.org
Subject: Re: procfs hole
In-Reply-To:
References:
Organization: Kithrup Enterprises, Ltd.
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In article you write:
>On Sun, 10 Aug 1997, Brian Mitchell wrote:
>> any setuid program. As noted, the easiest way to avoid the problem is just
>> to disable procfs -- nobody really uses it anyways.
>Would anyone be willing to give a short explanation of the /proc
>filesystem and what the original conception of it accomplished?

procfs provides a filesystem interface to the system processes. (I would
say "process table," but it isn't a table in FreeBSD ;).)

It is laid out as:

	/proc
		curproc/
		/
			ctl
			etype
			file
			fpregs
			map
			mem
			note
			notepg
			regs
			status

You can send signals by writing to ctl; you can find out what kind of
executable it is by reading etype (e.g., "FreeBSD a.out"); regs and fpregs
have the register set; map has the process' memory map, in ASCII format;
status has something similar to ps when you read it. mem is the process'
memory space, and file is the vnode that the process is executing.

Brian is wrong -- ps uses procfs, and I have two applications that use an
extended procfs.

Ideally, you could use procfs for a debugger. This has certain advantages
over ptrace() -- ptrace is an *old* API, and lacking in certain ways. (Want
to read more than one word at a time? Oops.)

procfs first appeared in version 8, I think. It's standard in SysVr4.

The FS code for procfs in BSD was written by Jan-Simon Pendry, and the
memory guts were written by myself. It has languished for a while, due to my
having to do other things, and being somewhat dispirited. I started changing
that a couple of weeks ago.