From owner-freebsd-bugs Sun Jan 5 11:45:14 2003 Delivered-To: freebsd-bugs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 359BB37B429 for ; Sun, 5 Jan 2003 11:45:05 -0800 (PST) Received: from sowatech.com.pl (sowatech.com.pl [195.205.241.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0771C43EB2 for ; Sun, 5 Jan 2003 11:45:03 -0800 (PST) (envelope-from cache@sowatech.com.pl) Received: from sowatech.com.pl (cache@sowatech.com.pl [195.205.241.66]) by sowatech.com.pl (SMTP-sowatech.com.pl/sowatech.com.pl) with ESMTP id h05KkoT9091859; Sun, 5 Jan 2003 20:46:51 GMT (envelope-from cache@sowatech.com.pl) From: "Cache" To: bugtraq@securityfocus.net Cc: freebsd-bugs@freebsd.org Subject: ps information leak in FreeBSD Date: Sun, 5 Jan 2003 20:46:50 +0000 Message-Id: <20030105204650.M16523@sowatech.com.pl> X-Mailer: Open WebMail 1.70 20020712 X-OriginatingIP: 80.134.62.183 (cache) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=OPENWEBMAIL_ATT_0.086899105925113" Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=OPENWEBMAIL_ATT_0.086899105925113 Content-Type: text/plain; charset=iso-8859-2 Nothing special, lame :) Hi, 0x01 About 0x02 Practical 0x03 Conclusion 0x04 Install 0x05 End 0x06 Greetz 0x01 About: Autor: Rafael Lesniak / 05012003 Hannover / cache@irc.pl Sorry for My English This is a little information leak. This bug(?) is not dangerous, but normal user can see all process on the box using ex. /bin/ps; Affected Systems: FreeBSD :possible all OpenBSD :don't known Linux :don't known Other :don't known 0x02 Practical: (I don't use /proc.) Last login: Sun Jan 5 00:13:01 on ttyv0 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.7-RELEASE (SILENT) #1: Sun Jan 5 00:10:51 GMT 2003 Welcome to FreeBSD! [cache@silent][ttyv1] ~> grep "FreeBSD:" /usr/src/sys/i386/conf/LINT # $FreeBSD: src/sys/i386/conf/LINT,v 1.749.2.124 2002/10/05 18:31:47 scottl Exp [cache@silent][ttyv1] ~> sysctl -a | grep show kern.ps_showallprocs: 0 [cache@silent][ttyv1] ~> ps -auxwwwp 101 USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 101 0,0 0,2 1020 740 ?? Is 0:12 0:00,01 /usr/sbin/cron ps [-aCcefhjlmrSTuvwx] [-M core] [-N system] [-O fmt] [-o fmt] [-p pid] [-t tty] [-U username] -p Display information associated with the specified process ID. --- cut --- 0x03 Conclusion: I hope it is good idea to protect all process information (any way, for what We need kern.ps_showallprocs?) [cache@silent][ttyv1] ~> cat info.sh #!/bin/sh pid=0; while x=0; do /bin/ps -auxwwwp $pid | /usr/bin/grep $pid; pid=`expr $pid + 1`; done --- cut --- See out.log how it works. 0x04 Install: $ mkdir /tmp/patch $ cp proc-patch.tar.gz /tmp/patch $ cd /tmp/patch $ tar -zxvf proc-patch.tar.gz $ su # patch -p0 < proc.patch --- cut --- Hmm... Looks like a new-style context diff to me... The text leading up to this was: -------------------------- |*** /usr/src/sys/kern/kern_proc.c Tue May 1 13:39:06 2001 |--- /usr/src/sys/kern/kern_proc.c Sun Jan 5 00:18:40 2003 -------------------------- Patching file /usr/src/sys/kern/kern_proc.c using Plan A... Hunk #1 succeeded at 453. done --- cut --- configure Your kernel, compile, install and thats all. 0x05 End: I have make this little patch for My FreeBSD box, and this method doesn't work. May be it is possible to do, but this is not My skill level );] ... 0x06 Greetz: kador, Lam3rz, layon, ultor, neutrinka, !pl-bsd, and all lamerz ... ## Rafal (cache) Lesniak ####### CoSysOp cache /at/ sowatech.com.pl ### http://www.sowatech.com.pl ### ------=OPENWEBMAIL_ATT_0.086899105925113 Content-Type: application/x-gzip-compressed; Content-Disposition: attachment; filename="proc-patch.tar.gz" Content-Transfer-Encoding: base64 H4sIAOmRFz4AA+1aeXPbxhX3v8KMv8NzHCeUzWMXN+mmriopsVrJdkW5SevxOBC4FFHhKg4eHref vW8XILmgCFr2yE5mijcccLFY/PD23QtsnERuJ3Yyd9K796WIEJ1YhoH/RLNUwv85Lf+LtmUSw7QM qun3CFWJod4D44txJFGeZk4CcM913AnbMW42Ycz/Ggx9XYrX+vfCcdRNJ3f/DELJTv1T3Vrqn+hU w/Gappn3gNw9Kzfp/1z/Dx/0Lr2wl04UJfZGP5Cnymzi+Qzm2IRRBIq4HKfQcfL5bDaL4VscBx+g l6eJuHaVsKLzqUD4lc3jpBj0BOivT5VRFDLlt55mQzUk+X+UZ52Qzbp+dHW3z+D+b+p6rf+La4X/ 6zrvpzoPCY3/fwUauokXZ8CFkLERRCEM8xD+4oQABhAyoPpANUBFzSmPussUAffvK0JeAEAtDYC0 CT9gC1WnAiW6DjDFviFwQhitbBAc2oeOiyAtPOxLQLa5AlLxvM8xTGqWQE9KIF0CopAW7EumKwNa Fc40BERLxPOYA6ZbAFUQIY1z1/FkJBsobYuJUjw3DeRKN5dIW1hTNSjjKqykdl95xOZehrITf4pS yp4HyK2C1+1C8F9S/1X/v3vf57Tb/7HY4zlf+L9p4QCR/02t8f+vQVv838kKM9RB1QYaGehkm/8n UZQJe6crJ+OuYRjouxr32mfPAE5O0ctUdaDaFa/tpdw3vNDLoNORoNQVFCnGlwcOdXQK26CgFTtX bOSwIAr3JSjtU6HwWmsa3ATSPxUIn9y6zMc3kYzPQZqGfpLLKOYnouh8YukidFkiwWBAq8Zau4xq HEaExk1m+kXFJzSXLlIMFCOQdNdfmwHOU6V9EzODpZZmsA2QSoChE7CRBGbJ3FHCbcq09R1gRALz QpYhb7OfJcB+FVDFpqWZOwBVCdBNonCFRQmtio7bumHtEp080zy9HElYa+tCANWy0dV4sqnFwoel LBwFjucPwHFdFmdeiDkvDYI0FohWBdE0BSLZqYc14t9yljNI8jWH6tqRqJgtztkgdh0ebaPOgyhP MZZ0YuiN2BQXDwFZA2qVKWsEZ6RqOtkxZbsQnx+5jt/DJYhIrPcVbInwo9lVQBOzpraaMdTroxaw /6mA+m5Andwxhzq9a0C1CtjnSlna4VZAdTvgUst61bANPFdVUnrwcAugVuFQuIqTxGtAc8PrioCF zSnldvikfsreJZszt3fFsmwBEqBaB6h+JqBWB6h9JqBeB6h/JqBRB2h8JuBmxb4CND8T0KoDtD4P 0KqYDVW5TPsCkNSEQw0wtXkhj16iJJRXOmuTKdYT2Oyb5Upnq5do21c6VjWolsuJJdCT7f5bLifE dH+h9NyU1yfVNZil8/UKj9I7AOei/upNooD1BJDkvrZeQlltDC220UcONcyado0D63bbphJrgtlf fkxk6dmVsKr2iV0G/tU6cTOTGDD28/llNJdQpDpDExPHOoNqaj0Krl5ngRvnfuSMZJyqLm2xarXt ehwcMAt4lkQc6ATQmzpJTwasqAALZlxsaqQWUG+jEcyCELFO0OKIjKR/IhLGxiUSG1WQjE9FsiUk KiOZVXGhC1EhwzpxmVzs4zRYY6h0q9VvliZ9yUjJyuo7LswpdYIYZECdGygeKLco20BAk9yw0QLQ GBC7jWVfidKJV8lPs6oFBBWG2TeryU+XX2DUJL8V4EYBIbJpX90BuDs9i9QuA/Iy8UZ6vg2HS9Hp Upm41kW1XNcGhNTp4jhjSSDDLUVIOZxB0Y50alVEKMOpbUpvYNCqZ+sYGooYFpPtLKH6t0VX3SC3 mRvdOTe+tFkD0tXs8KDzWKHZKtmYnQSI8ahEybyM+SDCqgyo13AY0xoOsUgXzKW5tOjSDaMqMnRA yq2twHlyEwc57yDEhsQsbR0MLW6/ODfV5MujmKxx1q+3KJdY4I1czhH+WoFbQbNvIX9q3dK2rFU5 XtiWhnC6ZqlV6ctwWIhtYugbmZuHLxEpYrWGpe22ZUkSx7s1HSWniUJNAJWSUuVXima1QGH+uHcl A97GESuAu43VMuyKsfJSQLNMvSouGRDVtctYLZPWGatWw+FWY7XMzeqJl2I8RgicLYwRQzbWFYxe tVU0adXkmUfAbNGApe+wVes2sUI1b2urFt0Qvs6FT+SMVIXDazcwKum/iIOFU+vLBXIVg5KKrX70 NXP1/R4dqNaXf83c0O+UpPf/vNkVzTt+xse+/1lW+f7fIhia+fd/nWjN+/+vQo8fPy7fTiYuf6/b u2ZJKA7vhD24exc5gzNnwV/0U4wX/QGmNIwXVOl0Oh+5deOLlr36lPC4SvwcqxmtrWP2Eh0cW3SY JmC7owDs7e0lLMuTEFpk/6no8MbQevDq/GT48sW7w+fHh39tuXnCn92GeH//5j1PeEfvMRQNHkCH k2iGQdFfQJ6yBPi9LE3X14nBv0/hOv7cGTuYHE9ZGnrOdfFq4E9egg7jS3BOmHkD4LslYqBF9+Oe +Oesth7E6bsUn+j4Pn9Sug/ffQfxuyxhaeykaZV7fheUdGMSe3tidixJogR+AJS+m/nvojwTom/F bbzl321YCmp5vxhf9P2niPeS/58fHxydHX8BG/uI/+umUe7/siixdMr3f1lqs//nq9CLKJt44RWk MXM9x2+D7wQMBvuK8txrKwqZYzV3cImGxZsqvEocN/NwUclPNTiMQtfPUy8K+bkOJyFK0xcXDTgO R7xhwk8JY9l7RUYbKMpBnkXJYNOxemuXe+6EYTRFr+xtuNswSpIFjNHyzxb4lCvf49uXLiZeCvhz wPeyzGfAP1YmgZMhd+Az57oLYshlftV6ts9HhlhRjpzwiiVRnrbxQqaE/A6/CAYuRq6UMcAJLQMD r58yLNMuozmO4XJj8y6UW6Se4pzGY+by76jDRZqxIB0oP+Lc/zw82tsbxFGaepe+wFNexiwsurEs +z6D6zCahcqpF+bzjb6X+Lxko29DFyjM1gkUA5BzKDI5qvDUSbPideZgc3eBWBfy2WSLKVEOo3iR eFeTDIvIfaB9m7T5URNHUxxtfuyL/j4VR3G1rys8QF2gUM7ZFQszlNFYyOh16KHyUi9b8J5Dx/dQ HajjLsABSlQ8LsUwhaKeslFXWYoK9K7VOT8+PT4YHkNreHJ6/OJiHx7SG1MgA1yY/3R2UaQU5Wfm uxHabhZBifQATe5NYTqp5yNvb9/w6dK38N8/gti29k05cvBNNZN5mm323Cgc905PXlwoD+Hb5UDY PqQ9Bdq19H5X7VJcfCBHao+SHnoBZj2ssXULUjdCs4TjebyDqyKQQ8eBDwWHPF0oPKd2N3LHAEg9 jLxfj2Kqfj08PkctvTo5gkeHr17Do7PjMzz/+/CfAOdDXJhcXGAuvDi44Ifzi+OjIu1cnJwdw+HL s7ODF0c13z/Lb6nLD3gny101amU9WP2WqijI35uOc+iy8eRffpAML/LpbP4W+87AjRLGWy+4LNCH ePsljIOMN6JlI4bYG70Vpvemk3Er5r2vhePyj8lvFaUTF5M48tLYx/pFDgeYbCMMd9xTZ142EfYq IuDYw66ls58coVXySsTN+UaFjrIZ9NDxTmASxRhrMh5QrqJoBN6IOdwIESXDYFAJHzIPSssJFzBz Fm0RymYTXJf9zCBkyME2hT/b32E3Lt5cbs5Q1ls6t+3ovKMNnVW5DDFMltuHgFdUKI5ZlFynXaWS F1Be30JwPfIwpmdB3BN1B3a5MazrkC7m4+7V+40Ro+o5z9md9/Pp+OaNeDXN0WVFHxZiBP4A66VN lfHnQdDtYkA6jaLrFPPGNUZn1MCsk2YLFBm6d8bmmCS88ZirNGA4WuGxTnRjUhnxHJDH/GLGk8vM wZjfqSXlw0fr7dLz6oruDx+tuguA2tJ7B3OvuID4hMbcXnY/pMh+r3x8xAEXyvM8vMYgjaJ3XbRg tGG0SKzgu4W5SEIHReFh07vKEwb/iPJEWDvD0gPDd4xPbqMlC3PBcnqEYnUwTeBZYUuirBiAcDxn yiBwUGdC9GXWL9ReFgfLlIL5ul2i4ciAZRN0VOQMi47vC1PtCnFfLj15laxRsaNI1AbFvWXZcLZQ 0msPWfTZFKuX/advgUtBrneQSa6Ia2cUJW04dQItec/Lq0UUtiH3M94bsjxLvPDaacOD2O9cpqOC TWWPT5+XYsn7Avi3rhMbaqihhhpqqKGGGmqooYYaaqihhhpqqKGGGmqooYYaaqihhhr6fdP/AEZc 4UsAUAAA ------=OPENWEBMAIL_ATT_0.086899105925113-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message