Date: Mon, 6 Jan 2003 03:03:21 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Cache <cache@sowatech.com.pl>
Cc: freebsd-bugs@FreeBSD.ORG
Subject: Re: ps information leak in FreeBSD
Message-ID: <20030106010321.GB3619@gothmog.gr>
In-Reply-To: <20030105204650.M16523@sowatech.com.pl>
References: <20030105204650.M16523@sowatech.com.pl>

On 2003-01-05 20:46, Cache <cache@sowatech.com.pl> wrote:
> This is a little information leak. This bug(?) is not dangerous, but
> normal user can see all process on the box using ex. /bin/ps;

Are you sure you're not doing something wrong? I don't have a 4.X
system near to check this but on 5.X the security.bsd.see_other_uids
sysctl works as expected:

    $ sysctl security.bsd.see_other_uids
    security.bsd.see_other_uids: 1
    $ ps auw | grep -v grep | grep root
    root 492 0.0 0.2 1480 1180 v0 Is+ 6:33PM 0:00.04 login [pam] (login)
    root 493 0.0 0.2 1480 1180 v1 Is+ 6:33PM 0:00.04 login [pam] (login)
    root 494 0.0 0.2 1112 828 v2 Is+ 6:33PM 0:00.00 /usr/libexec/getty Pc ttyv2
    root 495 0.0 0.2 1112 828 v3 Is+ 6:33PM 0:00.00 /usr/libexec/getty Pc ttyv3
    root 1453 0.0 0.3 1720 1372 v0 S+ 11:46PM 0:00.08 screen -ar
    root 1462 0.0 0.2 1396 1280 p0 Is 11:46PM 0:00.06 -/usr/local/bin/bash
    root 2744 0.0 0.2 1460 1120 p0 I 12:47AM 0:00.01 su -l ncvs

    ( Log in as root. Set security.bsd.see_other_uids=0. )

    $ sysctl security.bsd.see_other_uids
    security.bsd.see_other_uids: 0
    $ ps auw | grep -v grep | grep root
    $

- Giorgos

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message