On Mon, May 20, 2002 at 12:48:51AM -0700, Crist J. Clark wrote: > On Sun, May 19, 2002 at 11:53:07AM +0200, Guillaume PELAT wrote: > > On Saturday 18 May 2002 18:57, Jakub Filonik wrote: > > > Hi, > > > I was playing with ps on FreeBSD with kern.ps_showallprocs=0 and I was > > > surprised when I have seen that I may see info about running process, if I > > > know it's ID > > > > After some investigation, the problem seems to be in sysctl_kern_proc > > function in /sys/kern/kern_proc.c > > > > The following patch seems to fix the problem(for freebsd 4.5): > > > > diff -dru sys/kern/kern_proc.c sys.new/kern/kern_proc.c > > --- sys/kern/kern_proc.c Tue May 1 15:39:06 2001 > > +++ sys.new/kern/kern_proc.c Sat May 18 15:27:57 2002 > > @@ -453,6 +453,8 @@ > > return (0); > > if (!PRISON_CHECK(curproc, p)) > > return (0); > > + if ((!ps_showallprocs) && p_trespass(curproc, p)) > > + return (0); > > error = sysctl_out_proc(p, req, 0); > > return (error); > > } > > *GACK!!!* > > No, no. You just made it possible for a jailed process to see > processes outside of the jail(8). Duh. Obviously, I misread the patch as, > > diff -dru sys/kern/kern_proc.c sys.new/kern/kern_proc.c > > --- sys/kern/kern_proc.c Tue May 1 15:39:06 2001 > > +++ sys.new/kern/kern_proc.c Sat May 18 15:27:57 2002 > > @@ -453,6 +453,8 @@ > > return (0); > > - if (!PRISON_CHECK(curproc, p)) > > - return (0); > > + if ((!ps_showallprocs) && p_trespass(curproc, p)) > > + return (0); > > error = sysctl_out_proc(p, req, 0); > > return (error); > > } It doesn't break anything w.r.t. jail(8). Sorry about that. -- Crist J. Clark | cjclarkat_private | cjclarkat_private http://people.freebsd.org/~cjc/ | cjcat_private
This archive was generated by hypermail 2b30 : Mon May 20 2002 - 18:45:08 PDT