ps -e without procfs(5).
Pawel Jakub Dawidek
pjd at FreeBSD.org
Mon Dec 6 01:17:47 PST 2004
On Sun, Dec 05, 2004 at 10:56:47PM -0500, Garance A Drosihn wrote:
+> At 12:12 AM +0100 12/1/04, Pawel Jakub Dawidek wrote:
+> >Hello.
+> >
+> >I need some testing for this patch:
+> >
+> > http://people.freebsd.org/~pjd/patches/ps-e.patch
+> >
+> >It allows using 'ps -e' without procfs(5) mounted.
+> >
+> >I decided to disable this functionality by default, because procfs(5)
+> >is also disabled by default and some people may already depend on the
+> >fact that the environment is a secret by default.
+> >To see the effects, you need to increase sysctl kern.ps_env_cache_limit
+> >to, for example, 1024.
+>
+> I think it is true that procfs was mounted by default in 4.x, so I
+> am not sure we need to start the system with kern.ps_env_cache_limit
+> set to 0. Note that there are (or were?) other protections in `ps'
+> such that non-root users can only see the environment variables for
+> their own processes. They can't see them for processes owned by
+> other users. And in 5.x, if procfs *is* mounted then users can't
+> even see environment variables of their own processes if sysctl
+> security.bsd.unprivileged_proc_debug is set to 0 (it defaults to 1).
+>
+> I also notice that due to the way your new ability is implemented,
+> nobody can see the environment variables for any process which was
+> started up before the kern.ps_env_cache_limit is set. I tried to
+> set it in /boot/loader.conf.local, but that didn't seem to work.
+> (that may have been due to an error on my part, though).

(I added an example entry to /etc/sysctl.conf)

+> Hmm. And actually, your new version does seem to allow users to see
+> the environment variables of processes they do not own, once the new
+> sysctl is turned on. That would not be a good change to make.

I updated the patch, thanks for your suggestions.

PS. In this patch I removed an example entry from sysctl.conf and set
cache size to 1024 bytes by default and now I use p_candebug()
to protect envs.

--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!