There was already a phrack article on this for linux, but I was unable
to dig up anything for FreeBSD's ps(1).
The ps(1) command for FreeBSD can be used to show environment variable for
user proccesses running as you, or other users. While not a bug itself, this
will allow you to view certain things, i.e. is root logged on?, FTP_SERVER,
FTP_PASSWORD, or if the machine is a dialup box, and ppp is dialing at the
time you execute ps(1) you will be able to view the password and login for
their account. For privacy reasons I made patches that only allow ps(1) to
show the proccesses for the user running it, making the '-a' flag go away,
unless your uid or gid is 0.
The diff for FreeBSD-2.2.7:
125,128c125
< /* I added all_(g|u)id int's for the "all" case
< * int all, ch, flag, i, fmt, lineno, nentries;
< */
< int all_uid, all_gid, all, ch, flag, i, fmt, lineno, nentries;
---
> int all, ch, flag, i, fmt, lineno, nentries;
146,148d142
< /* get the u and g id's of the user for all case checking. */
< all_uid = getuid();
< all_gid = getgid();
161,169d154
< /* this is set to gid because I want all wheel
< * members to be able to get '-a' output
< * if you only want root to be granted this ability
< * set this line to.
< * if (all_uid != 0)
< */
< if (all_gid != 0)
< all = 0;
< else
-benat_private
EFnet: ben
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:36 PDT