FreeBSD Mail Archives

Date:      Sun, 5 Jan 2003 20:46:50 +0000
From:      "Cache" <cache@sowatech.com.pl>
To:        bugtraq@securityfocus.net
Cc:        freebsd-bugs@freebsd.org
Subject:   ps information leak in FreeBSD
Message-ID:  <20030105204650.M16523@sowatech.com.pl>

next in thread | raw e-mail | index | archive | help

This is a multi-part message in MIME format.

------=OPENWEBMAIL_ATT_0.086899105925113
Content-Type: text/plain; charset=iso-8859-2

Nothing special, lame :)

Hi,

0x01 About
0x02 Practical
0x03 Conclusion
0x04 Install
0x05 End
0x06 Greetz


0x01 About:

Autor: Rafael Lesniak / 05012003 Hannover / cache@irc.pl 
Sorry for My English

This is a little information leak. This bug(?) is not dangerous, but
normal user can see all process on the box using ex. /bin/ps;

Affected Systems:
FreeBSD		:possible all
OpenBSD		:don't known
Linux		:don't known
Other		:don't known

0x02 Practical:

(I don't use /proc.)

Last login: Sun Jan  5 00:13:01 on ttyv0
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
    The Regents of the University of California.  All rights reserved.

FreeBSD 4.7-RELEASE (SILENT) #1: Sun Jan  5 00:10:51 GMT 2003

Welcome to FreeBSD!


[cache@silent][ttyv1] ~> grep "FreeBSD:" /usr/src/sys/i386/conf/LINT
# $FreeBSD: src/sys/i386/conf/LINT,v 1.749.2.124 2002/10/05 18:31:47 scottl 
Exp

[cache@silent][ttyv1] ~> sysctl -a | grep show
kern.ps_showallprocs: 0
[cache@silent][ttyv1] ~> ps -auxwwwp 101
USER   PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED      TIME COMMAND
root   101  0,0  0,2  1020  740  ??  Is    0:12     0:00,01 /usr/sbin/cron

ps [-aCcefhjlmrSTuvwx] [-M core] [-N system] [-O fmt] [-o fmt] [-p pid]
    [-t tty] [-U username]

-p      Display information associated with the specified process ID.

--- cut ---

0x03 Conclusion:

I hope it is good idea to protect all process information 
(any way, for what We need kern.ps_showallprocs?)

[cache@silent][ttyv1] ~> cat info.sh
#!/bin/sh
pid=0;
while x=0; do
/bin/ps -auxwwwp $pid | /usr/bin/grep $pid;
pid=`expr $pid + 1`;
done

--- cut ---

See out.log how it works.

0x04 Install:

$ mkdir /tmp/patch
$ cp proc-patch.tar.gz /tmp/patch
$ cd /tmp/patch
$ tar -zxvf proc-patch.tar.gz
$ su
# patch -p0 < proc.patch

--- cut ---
Hmm...  Looks like a new-style context diff to me...
The text leading up to this was:
--------------------------
|*** /usr/src/sys/kern/kern_proc.c      Tue May  1 13:39:06 2001
|--- /usr/src/sys/kern/kern_proc.c      Sun Jan  5 00:18:40 2003
--------------------------
Patching file /usr/src/sys/kern/kern_proc.c using Plan A...
Hunk #1 succeeded at 453.
done
--- cut --- 

configure Your kernel, compile, install and thats all.

0x05 End: 

I have make this little patch for My FreeBSD box, and this method 
doesn't work. May be it is possible to do, but this is not My
skill level );] ...

0x06 Greetz: 
    kador, Lam3rz, layon, ultor, neutrinka, !pl-bsd, and 
	all lamerz ...


## Rafal (cache) Lesniak   #######
CoSysOp cache /at/ sowatech.com.pl
### http://www.sowatech.com.pl ###

------=OPENWEBMAIL_ATT_0.086899105925113
Content-Type: application/x-gzip-compressed;
Content-Disposition: attachment; filename="proc-patch.tar.gz"
Content-Transfer-Encoding: base64

H4sIAOmRFz4AA+1aeXPbxhX3v8KMv8NzHCeUzWMXN+mmriopsVrJdkW5SevxOBC4FFHhKg4eHref
vW8XILmgCFr2yE5mijcccLFY/PD23QtsnERuJ3Yyd9K796WIEJ1YhoH/RLNUwv85Lf+LtmUSw7QM
qun3CFWJod4D44txJFGeZk4CcM913AnbMW42Ycz/Ggx9XYrX+vfCcdRNJ3f/DELJTv1T3Vrqn+hU
w/Gappn3gNw9Kzfp/1z/Dx/0Lr2wl04UJfZGP5Cnymzi+Qzm2IRRBIq4HKfQcfL5bDaL4VscBx+g
l6eJuHaVsKLzqUD4lc3jpBj0BOivT5VRFDLlt55mQzUk+X+UZ52Qzbp+dHW3z+D+b+p6rf+La4X/
6zrvpzoPCY3/fwUauokXZ8CFkLERRCEM8xD+4oQABhAyoPpANUBFzSmPussUAffvK0JeAEAtDYC0
CT9gC1WnAiW6DjDFviFwQhitbBAc2oeOiyAtPOxLQLa5AlLxvM8xTGqWQE9KIF0CopAW7EumKwNa
Fc40BERLxPOYA6ZbAFUQIY1z1/FkJBsobYuJUjw3DeRKN5dIW1hTNSjjKqykdl95xOZehrITf4pS
yp4HyK2C1+1C8F9S/1X/v3vf57Tb/7HY4zlf+L9p4QCR/02t8f+vQVv838kKM9RB1QYaGehkm/8n
UZQJe6crJ+OuYRjouxr32mfPAE5O0ctUdaDaFa/tpdw3vNDLoNORoNQVFCnGlwcOdXQK26CgFTtX
bOSwIAr3JSjtU6HwWmsa3ATSPxUIn9y6zMc3kYzPQZqGfpLLKOYnouh8YukidFkiwWBAq8Zau4xq
HEaExk1m+kXFJzSXLlIMFCOQdNdfmwHOU6V9EzODpZZmsA2QSoChE7CRBGbJ3FHCbcq09R1gRALz
QpYhb7OfJcB+FVDFpqWZOwBVCdBNonCFRQmtio7bumHtEp080zy9HElYa+tCANWy0dV4sqnFwoel
LBwFjucPwHFdFmdeiDkvDYI0FohWBdE0BSLZqYc14t9yljNI8jWH6tqRqJgtztkgdh0ebaPOgyhP
MZZ0YuiN2BQXDwFZA2qVKWsEZ6RqOtkxZbsQnx+5jt/DJYhIrPcVbInwo9lVQBOzpraaMdTroxaw
/6mA+m5Andwxhzq9a0C1CtjnSlna4VZAdTvgUst61bANPFdVUnrwcAugVuFQuIqTxGtAc8PrioCF
zSnldvikfsreJZszt3fFsmwBEqBaB6h+JqBWB6h9JqBeB6h/JqBRB2h8JuBmxb4CND8T0KoDtD4P
0KqYDVW5TPsCkNSEQw0wtXkhj16iJJRXOmuTKdYT2Oyb5Upnq5do21c6VjWolsuJJdCT7f5bLifE
dH+h9NyU1yfVNZil8/UKj9I7AOei/upNooD1BJDkvrZeQlltDC220UcONcyado0D63bbphJrgtlf
fkxk6dmVsKr2iV0G/tU6cTOTGDD28/llNJdQpDpDExPHOoNqaj0Krl5ngRvnfuSMZJyqLm2xarXt
ehwcMAt4lkQc6ATQmzpJTwasqAALZlxsaqQWUG+jEcyCELFO0OKIjKR/IhLGxiUSG1WQjE9FsiUk
KiOZVXGhC1EhwzpxmVzs4zRYY6h0q9VvliZ9yUjJyuo7LswpdYIYZECdGygeKLco20BAk9yw0QLQ
GBC7jWVfidKJV8lPs6oFBBWG2TeryU+XX2DUJL8V4EYBIbJpX90BuDs9i9QuA/Iy8UZ6vg2HS9Hp
Upm41kW1XNcGhNTp4jhjSSDDLUVIOZxB0Y50alVEKMOpbUpvYNCqZ+sYGooYFpPtLKH6t0VX3SC3
mRvdOTe+tFkD0tXs8KDzWKHZKtmYnQSI8ahEybyM+SDCqgyo13AY0xoOsUgXzKW5tOjSDaMqMnRA
yq2twHlyEwc57yDEhsQsbR0MLW6/ODfV5MujmKxx1q+3KJdY4I1czhH+WoFbQbNvIX9q3dK2rFU5
XtiWhnC6ZqlV6ctwWIhtYugbmZuHLxEpYrWGpe22ZUkSx7s1HSWniUJNAJWSUuVXima1QGH+uHcl
A97GESuAu43VMuyKsfJSQLNMvSouGRDVtctYLZPWGatWw+FWY7XMzeqJl2I8RgicLYwRQzbWFYxe
tVU0adXkmUfAbNGApe+wVes2sUI1b2urFt0Qvs6FT+SMVIXDazcwKum/iIOFU+vLBXIVg5KKrX70
NXP1/R4dqNaXf83c0O+UpPf/vNkVzTt+xse+/1lW+f7fIhia+fd/nWjN+/+vQo8fPy7fTiYuf6/b
u2ZJKA7vhD24exc5gzNnwV/0U4wX/QGmNIwXVOl0Oh+5deOLlr36lPC4SvwcqxmtrWP2Eh0cW3SY
JmC7owDs7e0lLMuTEFpk/6no8MbQevDq/GT48sW7w+fHh39tuXnCn92GeH//5j1PeEfvMRQNHkCH
k2iGQdFfQJ6yBPi9LE3X14nBv0/hOv7cGTuYHE9ZGnrOdfFq4E9egg7jS3BOmHkD4LslYqBF9+Oe
+Oesth7E6bsUn+j4Pn9Sug/ffQfxuyxhaeykaZV7fheUdGMSe3tidixJogR+AJS+m/nvojwTom/F
bbzl321YCmp5vxhf9P2niPeS/58fHxydHX8BG/uI/+umUe7/siixdMr3f1lqs//nq9CLKJt44RWk
MXM9x2+D7wQMBvuK8txrKwqZYzV3cImGxZsqvEocN/NwUclPNTiMQtfPUy8K+bkOJyFK0xcXDTgO
R7xhwk8JY9l7RUYbKMpBnkXJYNOxemuXe+6EYTRFr+xtuNswSpIFjNHyzxb4lCvf49uXLiZeCvhz
wPeyzGfAP1YmgZMhd+Az57oLYshlftV6ts9HhlhRjpzwiiVRnrbxQqaE/A6/CAYuRq6UMcAJLQMD
r58yLNMuozmO4XJj8y6UW6Se4pzGY+by76jDRZqxIB0oP+Lc/zw82tsbxFGaepe+wFNexiwsurEs
+z6D6zCahcqpF+bzjb6X+Lxko29DFyjM1gkUA5BzKDI5qvDUSbPideZgc3eBWBfy2WSLKVEOo3iR
eFeTDIvIfaB9m7T5URNHUxxtfuyL/j4VR3G1rys8QF2gUM7ZFQszlNFYyOh16KHyUi9b8J5Dx/dQ
HajjLsABSlQ8LsUwhaKeslFXWYoK9K7VOT8+PT4YHkNreHJ6/OJiHx7SG1MgA1yY/3R2UaQU5Wfm
uxHabhZBifQATe5NYTqp5yNvb9/w6dK38N8/gti29k05cvBNNZN5mm323Cgc905PXlwoD+Hb5UDY
PqQ9Bdq19H5X7VJcfCBHao+SHnoBZj2ssXULUjdCs4TjebyDqyKQQ8eBDwWHPF0oPKd2N3LHAEg9
jLxfj2Kqfj08PkctvTo5gkeHr17Do7PjMzz/+/CfAOdDXJhcXGAuvDi44Ifzi+OjIu1cnJwdw+HL
s7ODF0c13z/Lb6nLD3gny101amU9WP2WqijI35uOc+iy8eRffpAML/LpbP4W+87AjRLGWy+4LNCH
ePsljIOMN6JlI4bYG70Vpvemk3Er5r2vhePyj8lvFaUTF5M48tLYx/pFDgeYbCMMd9xTZ142EfYq
IuDYw66ls58coVXySsTN+UaFjrIZ9NDxTmASxRhrMh5QrqJoBN6IOdwIESXDYFAJHzIPSssJFzBz
Fm0RymYTXJf9zCBkyME2hT/b32E3Lt5cbs5Q1ls6t+3ovKMNnVW5DDFMltuHgFdUKI5ZlFynXaWS
F1Be30JwPfIwpmdB3BN1B3a5MazrkC7m4+7V+40Ro+o5z9md9/Pp+OaNeDXN0WVFHxZiBP4A66VN
lfHnQdDtYkA6jaLrFPPGNUZn1MCsk2YLFBm6d8bmmCS88ZirNGA4WuGxTnRjUhnxHJDH/GLGk8vM
wZjfqSXlw0fr7dLz6oruDx+tuguA2tJ7B3OvuID4hMbcXnY/pMh+r3x8xAEXyvM8vMYgjaJ3XbRg
tGG0SKzgu4W5SEIHReFh07vKEwb/iPJEWDvD0gPDd4xPbqMlC3PBcnqEYnUwTeBZYUuirBiAcDxn
yiBwUGdC9GXWL9ReFgfLlIL5ul2i4ciAZRN0VOQMi47vC1PtCnFfLj15laxRsaNI1AbFvWXZcLZQ
0msPWfTZFKuX/advgUtBrneQSa6Ia2cUJW04dQItec/Lq0UUtiH3M94bsjxLvPDaacOD2O9cpqOC
TWWPT5+XYsn7Avi3rhMbaqihhhpqqKGGGmqooYYaaqihhhpqqKGGGmqooYYaaqihhhr6fdP/AEZc
4UsAUAAA

------=OPENWEBMAIL_ATT_0.086899105925113--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030105204650.M16523>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation