procfs + chmod = no go

Robert Watson rwatson at freebsd.org
Mon Mar 1 06:33:34 PST 2004


On Mon, 1 Mar 2004, Andy Gilligan wrote:

> > Why?  They can get the same information from ps(1) or the kern.proc
> > sysctl tree.
> > 
> > (in 5.2, you can set security.bsd.see_other_uid to 0 to prevent users
> > from seeing other users' processes)
> 
> Surely kern.ps_showallprocs would accomplish the same thing in 4.x ? 

kern.ps_showallprocs changes the behavior of the ps(1) command and kernel
sysctls for process listing, but does not provide comprehensive coverage
against probing using kill(2), ptrace(2), and other system calls which
report different protection errors when pointed at undesired targets,
procfs, linprocfs, etc.  In 5.x, we centralized inter-process access
control, improving both its consistency and our ability to instrument it
with new policies as part of the MAC Framework.  So there is a pretty
strong quantitative difference between kern.ps_showallprocfs in 4.x and
security.bsd.see_other_uids in 5.x.  These changes would be fairly
straight forward to backport, but would be complicated by the fact that
procfs in 4.x and procfs in 5.x are substantially different. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Senior Research Scientist, McAfee Research





More information about the freebsd-security mailing list