Re: A few questions...

2007/7/24, John-Mark Gurney <gurney_j@xxxxxxxxxxxxxxxxxx>:
Victor Loureiro Lima wrote this message on Tue, Jul 24, 2007 at 16:35 -0300:
> 2007/7/24, John-Mark Gurney <gurney_j@xxxxxxxxxxxxxxxxxx>:
> >Daniel Molina Wegener wrote this message on Mon, Jul 23, 2007 at 20:52
> >-0400:
> >> a) Is there any function or variable that tells me which is the
> >> root user UID in the system, or root always have 0 and it's
> >> an "elegant" option to compare the variables or structure
> >> members against zero.
> >
> >#include <sys/conf.h>
> >
> >uid == UID_ROOT
> >
> >> b) Can normal users look for system processes or kernel threads?
> >
> >Yes, ps does this...
> >
>
> ps(1) either elevates its priviledges during execution, or has some
> other way of medling into the afairs of other processes that will
> eventually need some higher priviledge status (either that, or I am
> really out-dated on modern operational systems)

hydrogen,ttypm,/home/johng,503$ls -l /bin/ps
-r-xr-xr-x 1 root wheel 31372 May 8 2005 /bin/ps*

So, as you see, no suid or sgid necessary for ps to function...
FreeBSD exports most/all of the info through sysctl which does not
require elevated privs to get...

And ps doesn't medling.. it's just a voyeur..
hahaha I liked that phrase ;)


Check this out:
http://www.freebsd.org/cgi/cvsweb.cgi/src/bin/ps/ps.c?rev=1.106.2.2;content-type=text%2Fplain

Turns out ps(1) uses libkvm, more specifically kvm_getprocs() function
(the function that I said was in the middle of my last experience on
getting process information from FreeBSD ;)) Im pretty sure it doesnt
get _any_ of its info thru sysctl's, but using the kvm interface which
is simple, clean and orthogonal, however I guess I was a little bit
incorrect in my last email, ps(1) in its common execution mode will
attempt to retrieve only the
processes information that are pertinent to the current user uid, as
this snippets from
ps.c shows:
-----
kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf);
if (kd == 0)
errx(1, "%s", errbuf);

if (!_fmt)
parsefmt(dfmt, 0);

if (nselectors == 0) {
uidlist.l.ptr = malloc(sizeof(uid_t));
if (uidlist.l.ptr == NULL)
errx(1, "malloc failed");
nselectors = 1;
uidlist.count = uidlist.maxcount = 1;
*uidlist.l.uids = getuid();
}
-----

So yes, you are correct, it wont need any "root" priviledge in order
to get the information
about its own processes, but it will need root priviledge to get
information on all process running on the system (am I correct? I am
assuming a lot of things based on very little source-code reading, so
feel free to bash me if I am wrong ;))

I guess the whole sanity checking for permission is done inside
libkvm somewhere ;)

cheers,
victor f. loureiro lima
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: sshd: login_name [priv] status
    ... I believe this is a consequence of the new priviledge ... In order to make ssh more secure, ... separate processes, one priviledged which does next to nothing, ... they will have a hard time escalating it into a root exploit. ...
    (Fedora)
  • Re: Superuser password lost
    ... I'm going to try to answer all the responses in a single ... The term "superuser" is a made-up term for any way of gaining ... is not root, but has a method of gaining root priviledge. ...
    (freebsd-questions)