From _@r4k.net  Sun Sep 16 08:54:44 2001
Return-Path: <_@r4k.net>
Received: from r4k.net (r4k.net [194.109.74.241])
	by hub.freebsd.org (Postfix) with ESMTP id D173D37B408
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 16 Sep 2001 08:54:43 -0700 (PDT)
Received: (from _@localhost)
	by r4k.net (8.11.3/8.11.1) id f8GFsgD99665;
	Sun, 16 Sep 2001 17:54:42 +0200 (CEST)
	(envelope-from _)
Message-Id: <200109161554.f8GFsgD99665@r4k.net>
Date: Sun, 16 Sep 2001 17:54:42 +0200 (CEST)
From: _@r4k.net
Reply-To: _@r4k.net
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] kern.ps_showallproc=0 doesn't limit queries for a single pid
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         30608
>Category:       kern
>Synopsis:       kern.ps_showallproc=0 doesn't limit queries for a single pid
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 16 09:00:00 PDT 2001
>Closed-Date:    Sat Jun 09 18:55:00 GMT 2007
>Last-Modified:  Sat Jun 09 18:55:00 GMT 2007
>Originator:     Stephanie Wehner
>Release:        FreeBSD 4.4-STABLE i386
>Organization:
private
>Environment:
	
	4.4-STABLE as of 16/09/2001:

	/sys/kern/kern_proc.c v1.63.2.8
	
>Description:

	Even though kern.ps_showallproc is set to 0, users can still
	see other users' processes if querying information about a single
	pid (KERN_PROC_PID). This way they could still obtain information
	about all processes by querying pid for pid.

	This is fixed in current, but not in 4.4-STABLE. 

>How-To-Repeat:

	Set sysctl -w kern.ps_showallproc=0 and then do a ps 1 from a user
	account for example.
>Fix:

	This is a patch which resolves this problem using the 4.4 checking
	function (p_trespass):

*** kern_proc.c.orig	Sun Sep 16 18:27:38 2001
--- kern_proc.c	Sun Sep 16 19:10:38 2001
***************
*** 451,456 ****
--- 451,458 ----
  		p = pfind((pid_t)name[0]);
  		if (!p)
  			return (0);
+                 if((!ps_showallprocs) && p_trespass(curproc, p))
+                         return(0);
  		if (!PRISON_CHECK(curproc, p))
  			return (0);
  		error = sysctl_out_proc(p, req, 0);
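
Review bot: the two added lines ahead of the PRISON_CHECK test are indented with spaces and written as `if((!ps_showallprocs) && ...` and `return(0);`, while the context lines around them use tabs, `if (!p)` and `return (0);`. Suggest matching the surrounding style: tab indentation, `if (!ps_showallprocs && p_trespass(curproc, p))`, and `return (0);`. A one-line comment would also help, stating that a hidden process is deliberately reported the same way as the `!p` not-found case just above (return 0 with no output), so a reader does not mistake the success return for a missing error code.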


	

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: maxim 
State-Changed-When: Sun Jul 18 06:46:05 GMT 2004 
State-Changed-Why:  
The issue was fixed in HEAD, there are security.bsd.see_other_uids and 
security.bsd.see_other_gids sysctls.  I do not think there are any plans 
to backport this infrastructure to RELENG_4 though. 
Thanks for the submission! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=30608 
State-Changed-From-To: patched->closed 
State-Changed-By: gavin 
State-Changed-When: Sat Jun 9 18:54:24 UTC 2007 
State-Changed-Why:  
Fixed in all supported FreeBSD releases 

>Unformatted:
