Date:      Sun, 16 Sep 2001 17:54:42 +0200 (CEST)
From:      _@r4k.net
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/30608: [PATCH] kern.ps_showallproc=0 doesn't limit queries for a single pid
Message-ID:  <200109161554.f8GFsgD99665@r4k.net>

>Number:         30608
>Category:       kern
>Synopsis:       kern.ps_showallproc=0 doesn't limit queries for a single pid
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 16 09:00:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Stephanie Wehner
>Release:        FreeBSD 4.4-STABLE i386
>Organization:
private
>Environment:
	
	4.4-STABLE as of 16/09/2001:

	/sys/kern/kern_proc.c v1.63.2.8
	
>Description:

	Even though kern.ps_showallproc is set to 0, users can still
	see other users' processes if querying information about a single
	pid (KERN_PROC_PID). This way they could still obtain information
	about all processes by querying pid for pid.

	This is fixed in current, but not in 4.4-STABLE. 

>How-To-Repeat:

	Set sysctl -w kern.ps_showallproc=0 and then do a ps 1 from a user
	account for example.
>Fix:

	This is a patch which resolves this problem using the 4.4 checking
	function (p_trespass):

*** kern_proc.c.orig	Sun Sep 16 18:27:38 2001
--- kern_proc.c	Sun Sep 16 19:10:38 2001
***************
*** 451,456 ****
--- 451,458 ----
  		p = pfind((pid_t)name[0]);
  		if (!p)
  			return (0);
+                 if((!ps_showallprocs) && p_trespass(curproc, p))
+                         return(0);
  		if (!PRISON_CHECK(curproc, p))
  			return (0);
  		error = sysctl_out_proc(p, req, 0);
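
Review bot: the two added lines do not match the style of the context around them. They are indented with spaces where the neighbouring lines use tabs, `if((!ps_showallprocs) && ...` and `return(0);` lack the space after the keyword that `if (!p)` and `return (0);` have, and the parentheses around `!ps_showallprocs` are redundant. Suggest tab indentation and `if (!ps_showallprocs && p_trespass(curproc, p))` followed by `return (0);`. A one-line comment would also help, noting that a process hidden by this check is reported the same way as a pid that `pfind()` did not find (both paths return 0 without calling `sysctl_out_proc()`), since that is what keeps the caller from telling the two cases apart.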


	

>Release-Note:
>Audit-Trail:
>Unformatted:
