A few questions...

Victor Loureiro Lima victorloureirolima at gmail.com
Wed Jul 25 15:14:23 UTC 2007


2007/7/24, John-Mark Gurney <gurney_j at resnet.uoregon.edu>:
> Victor Loureiro Lima wrote this message on Tue, Jul 24, 2007 at 16:35 -0300:
> > 2007/7/24, John-Mark Gurney <gurney_j at resnet.uoregon.edu>:
> > >Daniel Molina Wegener wrote this message on Mon, Jul 23, 2007 at 20:52
> > >-0400:
> > >> a) Is there any function or variable that tells me which is the
> > >>    root user UID in the system, or root always has 0 and it's
> > >>    an "elegant" option to compare the variables or structure
> > >>    members against zero.
> > >
> > >#include <sys/conf.h>
> > >
> > >uid == UID_ROOT
> > >
> > >> b) Can normal users look for system processes or kernel threads?
> > >
> > >Yes, ps does this...
> > >
> >
> > ps(1) either elevates its privileges during execution, or has some
> > other way of meddling into the affairs of other processes that will
> > eventually need some higher privilege status (either that, or I am
> > really out-dated on modern operational systems)
>
> hydrogen,ttypm,/home/johng,503$ls -l /bin/ps
> -r-xr-xr-x  1 root  wheel  31372 May  8  2005 /bin/ps*
>
> So, as you see, no suid or sgid necessary for ps to function...
> FreeBSD exports most/all of the info through sysctl which does not
> require elevated privs to get...
>
> And ps doesn't meddle..  it's just a voyeur..
hahaha I liked that phrase ;)


Check this out:
http://www.freebsd.org/cgi/cvsweb.cgi/src/bin/ps/ps.c?rev=1.106.2.2;content-type=text%2Fplain

Turns out ps(1) uses libkvm, more specifically the kvm_getprocs() function
(the function that I said was in the middle of my last experience on
getting process information from FreeBSD ;)) I'm pretty sure it doesn't
get _any_ of its info through sysctls, but using the kvm interface, which
is simple, clean and orthogonal. However, I guess I was a little bit
incorrect in my last email: ps(1) in its common execution mode will
attempt to retrieve only the process information that is pertinent to
the current user uid, as this snippet from ps.c shows:
-----
	kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf);
	if (kd == 0)
		errx(1, "%s", errbuf);

	if (!_fmt)
		parsefmt(dfmt, 0);

	if (nselectors == 0) {
		uidlist.l.ptr = malloc(sizeof(uid_t));
		if (uidlist.l.ptr == NULL)
			errx(1, "malloc failed");
		nselectors = 1;
		uidlist.count = uidlist.maxcount = 1;
		*uidlist.l.uids = getuid();
	}
-----

 So yes, you are correct, it won't need any "root" privilege in order
to get the information about its own processes, but it will need root
privilege to get information on all processes running on the system
(am I correct? I am assuming a lot of things based on very little
source-code reading, so feel free to bash me if I am wrong ;))

 I guess the whole sanity checking for permission is done inside
libkvm somewhere ;)

cheers,
victor f. loureiro lima
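
As an added example (not part of the original message and not code from ps.c): a small FreeBSD C program that asks libkvm for every process, with no uid selector, and counts how many belong to other uids, so the visibility question above can be checked from an unprivileged account. The helper name `count_foreign` and the file name `procvis.c` are made up for this example, and the non-FreeBSD branch exists only so the file compiles elsewhere.

```c
/* Added example, not taken from ps.c. Build on FreeBSD: cc procvis.c -lkvm */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/sysctl.h>
#include <sys/user.h>
#include <fcntl.h>
#include <kvm.h>
#include <limits.h>
#endif

/* Hypothetical helper: count owners that differ from `me`; *mine gets the rest. */
static int count_foreign(const uid_t *owners, int n, uid_t me, int *mine)
{
	int foreign = 0;
	*mine = 0;
	for (int i = 0; i < n; i++) {
		if (owners[i] == me)
			(*mine)++;
		else
			foreign++;
	}
	return foreign;
}

int main(void)
{
#ifdef __FreeBSD__
	char errbuf[_POSIX2_LINE_MAX];
	int cnt = 0, mine = 0;
	/* /dev/null as the core file: libkvm talks to the live kernel, no /dev/mem needed. */
	kvm_t *kd = kvm_openfiles(NULL, "/dev/null", NULL, O_RDONLY, errbuf);
	if (kd == NULL) { fprintf(stderr, "kvm_openfiles: %s\n", errbuf); return 1; }
	/* No uid selector here: ask for every process the kernel is willing to show. */
	struct kinfo_proc *kp = kvm_getprocs(kd, KERN_PROC_PROC, 0, &cnt);
	if (kp == NULL) { fprintf(stderr, "kvm_getprocs: %s\n", kvm_geterr(kd)); kvm_close(kd); return 1; }
	uid_t owners[cnt > 0 ? cnt : 1];
	for (int i = 0; i < cnt; i++)
		owners[i] = kp[i].ki_uid;
	/* The outcome depends on kernel policy, e.g. the security.bsd.see_other_uids sysctl. */
	int foreign = count_foreign(owners, cnt, getuid(), &mine);
	printf("uid %d sees %d own and %d foreign processes\n", (int)getuid(), mine, foreign);
	kvm_close(kd);
#else
	puts("libkvm process listing is FreeBSD-specific; nothing to query here.");
#endif
	return 0;
}
```

Run it once as an ordinary user and once as root and compare the two "foreign" counts.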


More information about the freebsd-hackers mailing list