A few questions...

[John-Mark Gurney]

Victor Loureiro Lima wrote this message on Wed, Jul 25, 2007 at 12:14 -0300:
> 2007/7/24, John-Mark Gurney <gurney_j at resnet.uoregon.edu>:
> >Victor Loureiro Lima wrote this message on Tue, Jul 24, 2007 at 16:35 
> >-0300:
> >> 2007/7/24, John-Mark Gurney <gurney_j at resnet.uoregon.edu>:
> >> >Daniel Molina Wegener wrote this message on Mon, Jul 23, 2007 at 20:52
> >> >-0400:
> >> >> a) Is there any function or variable that tells me which is the
> >> >>    root user UID in the system, or root always have 0 and it's
> >> >>    an "elegant" option to compare the variables or structure
> >> >>    members against zero.
> >> >
> >> >#include <sys/conf.h>
> >> >
> >> >uid == UID_ROOT
> >> >
> >> >> b) Can normal users look for system processes or kernel threads?
> >> >
> >> >Yes, ps does this...
> >> >
> >>
> >> ps(1) either elevates its priviledges during execution, or has some
> >> other way of medling into the afairs of other processes that will
> >> eventually need some higher priviledge status (either that, or I am
> >> really out-dated on modern operational systems)
> >
> >hydrogen,ttypm,/home/johng,503$ls -l /bin/ps
> >-r-xr-xr-x  1 root  wheel  31372 May  8  2005 /bin/ps*
> >
> >So, as you see, no suid or sgid necessary for ps to function...
> >FreeBSD exports most/all of the info through sysctl which does not
> >require elevated privs to get...
> >
> >And ps doesn't medling..  it's just a voyeur..
> hahaha I liked that phrase ;)
> 
> 
> Check this out:
> http://www.freebsd.org/cgi/cvsweb.cgi/src/bin/ps/ps.c?rev=1.106.2.2;content-type=text%2Fplain
> 
> Turns out ps(1) uses libkvm, more specifically kvm_getprocs() function
> (the function that I said was in the middle of my last experience on
> getting process information from FreeBSD ;)) Im pretty sure it doesnt
> get _any_ of its info thru sysctl's, but using the kvm interface which
> is simple, clean and orthogonal, however I guess I was a little bit
> incorrect in my last email, ps(1) in its common execution mode will

Have you looked at the source to kvm_getprocs(3)?
struct kinfo_proc *
kvm_getprocs(kd, op, arg, cnt)
[...]
{
[...]
        if (ISALIVE(kd)) {
                size = 0;
                mib[0] = CTL_KERN;
                mib[1] = KERN_PROC;
                mib[2] = op;
                mib[3] = arg;
                temp_op = op & ~KERN_PROC_INC_THREAD;
                st = sysctl(mib,
                    temp_op == KERN_PROC_ALL || temp_op == KERN_PROC_PROC ?
                    3 : 4, NULL, &size, NULL, 0);
[...]

So, yes, ps isn't using sysctl directly, but kvm_getprocs is...  And
if you look at -current's ps(1):
     -a      Display information about other users' processes as well as your
             own.  This will skip any processes which do not have a control-
             ling terminal, unless the -x option is also specified.  This can
             be disabled by setting the security.bsd.see_other_uids sysctl to
             zero.

and security.bsd.see_other_uids defaults to 1...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."