Date: Wed, 7 Aug 1996 17:18:49 +0000 () From: James Raynard <fqueries@jraynard.demon.co.uk> To: Justin Ashworth <ashworth@fubar.cs.montana.edu> Cc: questions@freebsd.org Subject: Re: blocking 'WHAT' in 'w' listing Message-ID: <199608071718.RAA02317@jraynard.demon.co.uk> In-Reply-To: <Pine.OSF.3.91.960806144627.8128A-100000@fubar.cs.montana.edu> from "Justin Ashworth" at Aug 6, 96 02:55:39 pm
next in thread | previous in thread | raw e-mail | index | archive | help
[re other users being able to see what you're doing using ps and w] It's certainly not impossible to prevent this - I believe that US Department of Defense guidelines require that you can only see your own processes when you use 'ps'. All we need to do now is re-write FreeBSD to conform to the DoD spec :-) > > Same code in both ps & w, right? They both use the kvm_* interface to the kernel, as could any program written by someone who really wanted to know (although they'd have to have kmem group privileges to use it)... > I don't know for sure, but that's a good point. If I were real > concerned about it, I'd write a small program that filters it out of both > of those commands. Hardcode the executable to execute ps and w, which may > be hidden as .ps and .w in some obscure directory. It's kind of an ugly > workaround, but I doubt that disabling it is built into the code. Careful here - w and uptime are hard linked to each other, and use the program name to work out which one they're running as. > Actually, now that I think about it, grab 'ps' and 'w' out of the source > tree and just compile them without those options. That would mean chopping a > simple 'cout' or 'printf' command in 'w' and a few lines that look like > they cater to the '-U' option in 'ps'. Rather than chopping them out, put a '#if 0/#endif' block around the lines in question, so it's easy to undo if you change your mind. Also, you'll need to change the header as well... > Go with my second suggestion. I got carried away with that first one > before I realized the obvious best solution. Yep, this is a much better solution. To misquote a famous chess player: if you have a good idea, stop and think about something else for a few minutes. You'll almost certainly have a better one :-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608071718.RAA02317>