Date: Sat, 1 Jul 1995 19:41:35 +0200 From: Wolfram Schneider <wosch@cs.tu-berlin.de> To: hackers@freebsd.org Cc: joerg@sax.de Subject: Real UID in procfs Message-ID: <199507011741.TAA16016@caramba.cs.tu-berlin.de>
next in thread | raw e-mail | index | archive | help
A one line hack for implementation of real uid in procfs(5).
Conflicts: all scripts/programs which read /procfs/*/status
(I know only killall(1))
Patched /sys/miscfs/procfs/procfs_status.c and killall/killall.{1,pl}
Wolfram
--- 1.1 1995/07/01 14:57:47
+++ /sys/miscfs/procfs/procfs_status.c 1995/07/01 15:57:01
@@ -79,7 +79,10 @@
sid = sess->s_leader ? sess->s_leader->p_pid : 0;
/* comm pid ppid pgid sid maj,min ctty,sldr start ut st wmsg uid groups ... */
-
+/* ifdef PROCFS_RUID
+comm pid ppid pgid sid maj,min ctty,sldr start ut st wmsg euid ruid groups ...
+ endif
+*/
ps = psbuf;
bcopy(p->p_comm, ps, MAXCOMLEN);
ps[MAXCOMLEN] = '\0';
@@ -126,7 +129,13 @@
cr = p->p_ucred;
+#if (!defined PROCFS_RUID)
ps += sprintf(ps, " %ld %ld", cr->cr_uid, cr->cr_gid);
+#else /* have ruid */
+ ps += sprintf(ps, " %ld %ld %ld",
+ cr->cr_uid, p->p_cred->p_ruid, cr->cr_gid);
+#endif /* PROCFS_RUID */
+
for (i = 0; i < cr->cr_ngroups; i++)
ps += sprintf(ps, ",%ld", cr->cr_groups[i]);
ps += sprintf(ps, "\n");
--- 1.1 1995/07/01 15:52:44
+++ killall/killall.pl 1995/07/01 17:10:38
@@ -43,8 +43,12 @@
$match = 0; # 0 match exactly program name
$show = 0;
-$PROC_NAME = 0 + $[;
-$PROC_EUID = 11 + $[;
+# see /sys/*/procfs/procfs_status.c
+# comm pid ppid pgid sid maj,min ctty,sldr start ut st wmsg \
+# euid ruid groups ...
+$PROC_NAME = 0;
+$PROC_EUID = 11;
+$PROC_RUID = 12;
sub usage {
$! = 2;
@@ -66,6 +70,7 @@
die "Maybe $procfs is not mounted\n" unless -e "$procfs/0/status";
opendir(PROCFS, "$procfs") || die "$procfs $!\n";
+print " PID EUID RUID COMMAND\n" if $debug > 1;
foreach (sort{$a <=> $b} grep(/^[0-9]/, readdir(PROCFS))) {
$status = "$procfs/$_/status";
@@ -76,13 +81,21 @@
open(STATUS, "$status") || next; # process maybe already terminated
while(<STATUS>) {
@proc = split;
- printf "%5d $proc[$PROC_NAME] $proc[$PROC_EUID]\n", $pid
+
+ # real uid implemented?
+ $proc[$PROC_RUID] = 99999 if $proc[$PROC_RUID] !~ /^[0-9]+$/;
+
+ printf "%5d %5d %5d %s\n", $pid, $proc[$PROC_EUID], $proc[$PROC_RUID],
+ $proc[$PROC_NAME]
if $debug > 1;
- if (($proc[$PROC_NAME] eq $program ||
+ if (($proc[$PROC_NAME] eq $program || # test program name
($match && $proc[$PROC_NAME] =~ /$program/i)
- ) && # test program name
- ($proc[$PROC_EUID] eq $< || $< == 0)) { # test uid
+ ) &&
+ ($proc[$PROC_EUID] == $< || # test effective uid
+ $proc[$PROC_RUID] == $< || # test real uid
+ $< == 0)) # root
+ {
push(@kill, "$pid");
}
}
--- 1.1 1995/07/01 15:52:44
+++ killall/killall.1 1995/07/01 16:48:35
@@ -63,7 +63,8 @@
printed, or a message indicating that no matching processes have been
found. If the option
.Fl d
-has been specified at least twice, the effective UID, PID, and name
+has been specified at least twice, the PID, effective UID, real
+UID, and name
of all processes found in
.Xr procfs 5
will be listed in addition.
@@ -107,6 +108,7 @@
options.
.Sh SEE ALSO
.Xr kill 1 ,
+.Xr ps 1 ,
.Xr perl 1 ,
.Xr procfs 5 .
.Sh HISTORY
@@ -120,8 +122,12 @@
page has been written by
.if n Joerg Wunsch.
.if t J\(:org Wunsch.
+
+
.Sh BUGS
-Due to limitations in the current implementation of
+The following bug is obsolete since FreeBSD 2.2 .
+
+Due to limitations in the implementation of
.Xr procfs 5 ,
it is only possible to figure out the effective UID of a process.
Hence it is impossible to find processes that run setuid, thus a
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199507011741.TAA16016>