Vulnerability Development mailing list archives

Re: ps under FreeBSD


From: "Crist J. Clark" <crist.clark () attbi com>
Date: Mon, 20 May 2002 00:48:51 -0700

On Sun, May 19, 2002 at 11:53:07AM +0200, Guillaume PELAT wrote:
On Saturday 18 May 2002 18:57, Jakub Filonik wrote:
Hi,
I was playing with ps on FreeBSD with kern.ps_showallprocs=0 and I was
surprised when I saw that I can see info about a running process if I
know its ID.

After some investigation, the problem seems to be in the sysctl_kern_proc
function in /sys/kern/kern_proc.c

The following patch seems to fix the problem (for FreeBSD 4.5):

diff -dru sys/kern/kern_proc.c sys.new/kern/kern_proc.c
--- sys/kern/kern_proc.c      Tue May  1 15:39:06 2001
+++ sys.new/kern/kern_proc.c  Sat May 18 15:27:57 2002
@@ -453,6 +453,8 @@
                      return (0);
              if (!PRISON_CHECK(curproc, p))
                      return (0);
+             if ((!ps_showallprocs) && p_trespass(curproc, p))
+                     return (0);
              error = sysctl_out_proc(p, req, 0);
              return (error);
      }
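
Review bot: the added test `if ((!ps_showallprocs) && p_trespass(curproc, p))` has no comment saying that a nonzero p_trespass() result is being treated as "curproc may not see p", and that the silent `return (0)` is meant to match the PRISON_CHECK case directly above it, so a hidden process produces no output rather than an error. A one-line comment stating both would make the intent reviewable. The parentheses around `!ps_showallprocs` are redundant and can be dropped.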

*GACK!!!*

No, no. You just made it possible for a jailed process to see
processes outside of the jail(8). ITYM,

Index: src/sys/kern/kern_proc.c
===================================================================
RCS file: /export/freebsd/ncvs/src/sys/kern/kern_proc.c,v
retrieving revision 1.63.2.8
diff -u -r1.63.2.8 kern_proc.c
--- src/sys/kern/kern_proc.c    1 May 2001 13:39:06 -0000       1.63.2.8
+++ src/sys/kern/kern_proc.c    20 May 2002 07:36:15 -0000
@@ -451,7 +451,8 @@
                p = pfind((pid_t)name[0]);
                if (!p)
                        return (0);
-               if (!PRISON_CHECK(curproc, p))
+               if (!PRISON_CHECK(curproc, p) || 
+                   (!ps_showallprocs) && p_trespass(curproc, p))
                        return (0);
                error = sysctl_out_proc(p, req, 0);
                return (error);
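
Review bot: the new condition mixes `||` and `&&` with parentheses only around `!ps_showallprocs`, so the grouping depends on `&&` binding tighter than `||`. It evaluates as intended, but it is easy to misread and will draw a parentheses warning from the compiler; write the second operand as `(!ps_showallprocs && p_trespass(curproc, p))`. The added line ending in `||` also carries trailing whitespace.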

-- 
Crist J. Clark                     |     cjclark () alum mit edu
                                   |     cjclark () jhu edu
http://people.freebsd.org/~cjc/    |     cjc () freebsd org

