Date:      Mon, 6 Dec 2004 10:17:44 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Garance A Drosihn <drosih@rpi.edu>
Cc:        freebsd-arch@freebsd.org
Subject:   Re: ps -e without procfs(5).
Message-ID:  <20041206091744.GJ813@darkness.comp.waw.pl>
In-Reply-To: <p06200745bdd981a17851@[128.113.24.47]>
References:  <20041130231236.GD56431@darkness.comp.waw.pl> <p06200745bdd981a17851@[128.113.24.47]>



On Sun, Dec 05, 2004 at 10:56:47PM -0500, Garance A Drosihn wrote:
+> At 12:12 AM +0100 12/1/04, Pawel Jakub Dawidek wrote:
+> >Hello.
+> >
+> >I need some testing for this patch:
+> >
+> >	http://people.freebsd.org/~pjd/patches/ps-e.patch
+> >
+> >It allows using 'ps -e' without procfs(5) mounted.
+> >
+> >I decided to disable this functionality by default, because procfs(5)
+> >is also disabled by default and some people may already depend on the
+> >fact that the environment is a secret by default.
+> >To see the effects, you need to increase sysctl kern.ps_env_cache_limit
+> >to for example 1024.
+>
+> I think it is true that procfs was mounted by default in 4.x, so I
+> am not sure we need to start the system with kern.ps_env_cache_limit
+> set to 0.  Note that there are (or were?) other protections in `ps'
+> such that non-root users can only see the environment variables for
+> their own processes.  They can't see them for processes owned by
+> other users.  And in 5.x, if procfs *is* mounted then users can't
+> even see environment variables of their own processes if sysctl
+> security.bsd.unprivileged_proc_debug is set to 0 (it defaults to 1).
+>
+> I also notice that due to the way your new ability is implemented,
+> nobody can see the environment variables for any process which was
+> started up before the kern.ps_env_cache_limit is set.  I tried to
+> set it in /boot/loader.conf.local, but that didn't seem to work.
+> (that may have been due to an error on my part, though).

(I added an example entry to /etc/sysctl.conf)

+> Hmm.  And actually, your new version does seem to allow users to see
+> the environment variables of processes they do not own, once the new
+> sysctl is turned on.  That would not be a good change to make.

I updated the patch, thanks for your suggestions.

PS. In this patch I removed an example entry from sysctl.conf and set
    cache size to 1024 bytes by default and now I use p_candebug()
    to protect envs.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
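A constructed model of the policy the thread settles on (added here, not code from the patch or the FreeBSD kernel): an in-kernel copy of a process's environment capped by kern.ps_env_cache_limit, handed to ps -e only when a p_candebug()-style check passes. The names ps_env_cache_limit, unprivileged_proc_debug, struct proc, cache_env, can_debug and ps_env are this model's own, and can_debug is a deliberately simplified stand-in for the real p_candebug().

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define ROOT_UID 0

/* Model of the two sysctls named in the thread (values are assumptions). */
int ps_env_cache_limit = 1024;    /* bytes cached per process, 0 = disabled */
int unprivileged_proc_debug = 1;  /* security.bsd.unprivileged_proc_debug */

struct proc {
    unsigned uid;      /* owner of the process */
    char env[1024];    /* cached environment, truncated to the limit */
    size_t env_len;    /* 0 means nothing was cached */
};

/* Called at exec time: keep at most ps_env_cache_limit bytes. A process
 * started while the limit is 0 gets no cache at all, which is the
 * behaviour Garance observed for processes started before the sysctl. */
void cache_env(struct proc *p, const char *env, size_t len)
{
    p->env_len = 0;
    if (ps_env_cache_limit <= 0)
        return;
    if (len > (size_t)ps_env_cache_limit)
        len = (size_t)ps_env_cache_limit;
    if (len > sizeof(p->env))
        len = sizeof(p->env);
    memcpy(p->env, env, len);
    p->env_len = len;
}

/* Simplified stand-in for p_candebug(): root may inspect any process; an
 * unprivileged user may inspect only its own processes, and only while
 * security.bsd.unprivileged_proc_debug is non-zero. */
bool can_debug(unsigned viewer_uid, const struct proc *target)
{
    if (viewer_uid == ROOT_UID)
        return true;
    if (!unprivileged_proc_debug)
        return false;
    return viewer_uid == target->uid;
}

/* What ps -e gets back: the cached bytes, or NULL if denied or not cached. */
const char *ps_env(unsigned viewer_uid, const struct proc *target, size_t *len)
{
    if (!can_debug(viewer_uid, target) || target->env_len == 0)
        return NULL;
    *len = target->env_len;
    return target->env;
}
```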



