git: 1aabbb25c9f9 - main - ps(1): Match current user's processes using ps' effective UID

From: Olivier Certner <olce_at_FreeBSD.org>
Date: Mon, 28 Apr 2025 12:23:34 UTC

The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=1aabbb25c9f9c4372fd68621f8cabdc10b665527

commit 1aabbb25c9f9c4372fd68621f8cabdc10b665527
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2025-04-01 09:47:25 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-28 11:59:15 +0000

    ps(1): Match current user's processes using ps' effective UID
    
    This puts our ps(1) in conformance with POSIX.
    
    While here, replace ad-hoc initialization of 'uidlist' with a call to
    expand_list().
    
    ***
    
    Review of the ps(1) implementations in other BSDs, illumos, and Linux's
    procps shows they already behave as prescribed by POSIX.
    
    Previously, we would match processes with their effective user ID but
    using our real user ID.  While the real user ID is meant as the real
    identity of a process, and is used, e.g., to perform accounting or be
    permitted to send signals to specific targets, selecting processes to
    display is arguably more akin to a kind of (advisory) access control.
    ps(1) is not installed setuid, so normally the real and effective user
    IDs of ps processes are the same.  This may however not be the case when
    ps(1) is launched by another setuid executable, and the launching
    process may then logically expect that ps(1) lists the processes
    corresponding to its effective UID.
    
    MFC after:      3 days
    Relnotes:       yes
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D49619 (code)
    Differential Revision:  https://reviews.freebsd.org/D49620 (manual page)
---
 bin/ps/ps.1 | 26 +-------------------------
 bin/ps/ps.c | 13 +++++++------
 2 files changed, 8 insertions(+), 31 deletions(-)

diff --git a/bin/ps/ps.1 b/bin/ps/ps.1
index 532e920d1cdd..174f18a2f2d9 100644
--- a/bin/ps/ps.1
+++ b/bin/ps/ps.1
@@ -68,7 +68,7 @@ Other output styles can be requested via
 .Fl -libxo .
 .Pp
 By default, only the processes of the calling user, determined by matching their
-effective user ID with the real user ID of the
+effective user ID with that of the
 .Nm
 process, that have controlling terminals are shown.
 A different set of processes can be selected for display by using combinations
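Review bot: on the added line "effective user ID with that of the", the pronoun "that" now carries the whole real-versus-effective distinction this commit is about, and the two paragraphs that spelled it out are deleted further down. Consider writing "effective user ID with the effective user ID of the" so the default selection rule is unambiguous for someone reading only this sentence. The diffstat shows a single insertion in ps.1, so the manual page date is not updated in this change; if it is not bumped elsewhere in the series, it should be.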
@@ -980,14 +980,6 @@ However, other UNIX systems that provide this functionality do so via option
 instead, reserving
 .Fl g
 to query by group leaders.
-.Pp
-.Nm
-currently determines the processes of the current user by matching their
-effective user IDs with its own real user ID, whereas
-.St -p1003.1-2024
-mandates the traditional UNIX practice of using the effective user ID as the
-current user.
-This is expected to be changed soon.
 .Sh HISTORY
 The
 .Nm
@@ -1000,22 +992,6 @@ Since
 cannot run faster than the system and is run as any other scheduled
 process, the information it displays can never be exact.
 .Pp
-.Nm
-currently uses its real user ID as the current user when determining default
-processes to show.
-Besides being inconsistent with POSIX, using the real user ID essentially makes
-sense for programs installed as setuid executables, which
-.Nm
-is not.
-It also complicates the use of
-.Nm
-from other setuid executables, which cannot rely on its default process listing.
-Finally, no other
-.Nm
-implementation (for other BSDs, illumos or Linux) behaves like this.
-For all these reasons, the behavior is expected to be changed soon to using the
-effective user ID instead.
-.Pp
 .Nm ps
 currently does not correctly limit the ouput width, and in most cases does not
 limit it at all when it should.
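Review bot: the context paragraph directly after the removed text still reads "currently does not correctly limit the ouput width"; since this hunk already touches the neighbouring paragraph, "ouput" could be corrected to "output" while here or in a follow-up. The removal itself matches the ps.c change, as the text described the real-UID behaviour as something "expected to be changed soon".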
diff --git a/bin/ps/ps.c b/bin/ps/ps.c
index f40f6160672d..bb79c6c9af84 100644
--- a/bin/ps/ps.c
+++ b/bin/ps/ps.c
@@ -510,13 +510,14 @@ main(int argc, char *argv[])
 		 */
 		nselectors = 0;
 	else if (nselectors == 0) {
-		/* Default is to request our processes only. */
-		uidlist.l.ptr = malloc(sizeof(uid_t));
-		if (uidlist.l.ptr == NULL)
-			xo_errx(1, "malloc failed");
+		/*
+		 * Default is to request our processes only.  As per POSIX, we
+		 * match processes by their effective user IDs and we use our
+		 * effective user ID as our own identity.
+		 */
+		expand_list(&uidlist);
+		uidlist.l.uids[uidlist.count++] = geteuid();
 		nselectors = 1;
-		uidlist.count = uidlist.maxcount = 1;
-		*uidlist.l.uids = getuid();
 	}
 
 	/*
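Review bot: in the default-selector branch, "uidlist.l.uids[uidlist.count++] = geteuid();" writes through the list pointer immediately after "expand_list(&uidlist);" with no check in between, whereas the removed lines tested the malloc() result and called xo_errx(). Please confirm that expand_list() does not return on allocation failure, and that uidlist.count is always 0 when nselectors == 0, because the old code set count and maxcount to 1 explicitly while the new code only increments whatever count already holds. Since the commit is marked "Relnotes: yes", the note should say that a setuid program which launches ps now gets the listing for its effective UID rather than its real UID, so callers that relied on the old default see different output.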