Date:      Sun, 12 Sep 1999 01:44:00 +0800
From:      Peter Wemm <peter@netplex.com.au>
To:        chris@calldei.com
Cc:        Blaz Zupan <blaz@gold.amis.net>, freebsd-current@FreeBSD.ORG
Subject:   Re: ps doesn't need privileges? 
Message-ID:  <19990911174400.D3C911CAE@overcee.netplex.com.au>
In-Reply-To: Your message of "Sat, 11 Sep 1999 11:31:04 EST." <19990911113104.H906@holly.dyndns.org> 

Chris Costello wrote:
> On Sat, Sep 11, 1999, Blaz Zupan wrote:
> > /home/blaz> id
> > uid=1000(blaz) gid=1000(users) groups=1000(users)
> > /home/blaz> ls -l /dev/kmem
> > crw-r-----  1 root  kmem    2,   1 May 23 15:26 /dev/kmem
> 
>    Oh.  ps doesn't use /dev/kmem.
> 
>    Look at a ktrace of it; it works just as it should.  /tmp/ps
> auwwx prints what it should and the ktrace output shows it opens
> the processes whose memory it can read (as ``nobody'' I could
> read httpd processes, my ksh process and my ps process) and
> errors for those it cannot:
> 
>   8290 ps       CALL  __sysctl(0xbfbfc944,0x4,0xbfbfc954,0xbfbfc940,0,0)
>   8290 ps       RET   __sysctl 0
>   8290 ps       CALL  open(0xbfbfc878,0,0)
>   8290 ps       NAMI  "/proc/7997/mem"
>   8290 ps       RET   open -1 errno 13 Permission denied
>   8290 ps       CALL  close(0xffffffff)
>   8290 ps       RET   close -1 errno 9 Bad file descriptor

Not quite.  It uses sysctl(2) to grab the eproc table, which contains most
of the data.  It then uses procfs to get things like the command arguments
(which have to come from the process address space) and so on.

It also means that ps can see your *own* processes and their full command
args:

/tmp/ps -aux
....
peter   63399  0.0  0.1   600  256  pt  Is+   6:46PM   0:00.01 /bin/sh /home/pe
root    63402  0.0  0.5  1544 1160  pt  I+   -         0:00.00  (ssh1)
nobody  68421  0.0  0.6  4240 1428  ??  I    -         0:00.00  (apache)
root    68535  0.0  1.5  4588 3744  ??  I    -         0:00.00  (xterm)
peter   68536  0.0  0.4  1492 1076  pu  Is    8:44PM   0:00.10 -csh (tcsh)
peter   98319  0.0  0.4  1412 1096  p8  T    10:14PM   0:00.05 vi sb.c
peter   98893  0.0  0.4  1412 1096  pu  I+   12:38AM   0:00.30 vi asm.h
peter   98997  0.0  0.4  1404 1060  pd  I+    1:11AM   0:00.10 vi swtch.s
postfix 99059  0.0  0.2   884  564  ??  I    -         0:00.00  (pickup)
....
In the example above, my processes are visible but non-peter ones are just
their basename.

Now that I think about it, it shouldn't be too hard (TM) to finish off the
/proc/pid/cmdline stuff so that ps didn't need to access /mem and didn't
need setgid at all.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
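Added check, not part of this thread or of the FreeBSD ps source: the script below parses a ps -aux listing (a constructed sample copied from the one above, with an assumed header line) and reports any process owned by another user whose full argument vector was visible. With the sysctl-plus-procfs design Peter describes, an unprivileged ps should show full args only for the invoker's own processes, so a non-empty leak list means ps is running with more privilege than expected. Function names are my own.

```python
import re

# Constructed sample: the ps -aux lines from the message above, as seen by
# user "peter" running a ps that is not setgid kmem. The header line is assumed.
SAMPLE_PS_OUTPUT = """\
USER      PID %CPU %MEM  VSZ  RSS  TT  STAT STARTED    TIME COMMAND
peter   63399  0.0  0.1   600  256  pt  Is+   6:46PM   0:00.01 /bin/sh /home/pe
root    63402  0.0  0.5  1544 1160  pt  I+   -         0:00.00  (ssh1)
nobody  68421  0.0  0.6  4240 1428  ??  I    -         0:00.00  (apache)
root    68535  0.0  1.5  4588 3744  ??  I    -         0:00.00  (xterm)
peter   68536  0.0  0.4  1492 1076  pu  Is    8:44PM   0:00.10 -csh (tcsh)
peter   98319  0.0  0.4  1412 1096  p8  T    10:14PM   0:00.05 vi sb.c
postfix 99059  0.0  0.2   884  564  ??  I    -         0:00.00  (pickup)
"""

# ps prints "(name)" on its own when it could not read the argument vector
# from the process address space and fell back to the kernel's short name.
_HIDDEN = re.compile(r"^\([^()\s]+\)$")


def parse_ps(text):
    """Parse ps -aux style lines into dicts; COMMAND is the 11th field onward."""
    procs = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("USER"):
            continue  # blank line or header
        fields = line.split(None, 10)
        if len(fields) < 11:
            continue  # malformed line, skip rather than guess
        user, pid, command = fields[0], int(fields[1]), fields[10].strip()
        procs.append({"user": user, "pid": pid, "command": command,
                      "args_visible": _HIDDEN.match(command) is None})
    return procs


def audit_visibility(text, invoking_user):
    """Return (leaks, hidden): leaks are other users' processes whose full
    args were readable; hidden are those that correctly fell back to basename."""
    leaks, hidden = [], []
    for p in parse_ps(text):
        if not p["args_visible"]:
            hidden.append(p)
        elif p["user"] != invoking_user:
            leaks.append(p)
    return leaks, hidden
```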