Subject: Re: kern.showallprocs implementation
To: None <tech-security@NetBSD.org>
From: Rui Paulo <alpha1@freeshell.org>
List: tech-security
Date: 06/26/2004 02:16:01
I forgot to include the rest of the diff in the previous message. Here
it goes. Sorry for that.
Regards.
--
"Simplicity is the ultimate
sophistication."
-- Leonardo da Vinci
Index: sysctl.h
===================================================================
RCS file: /cvsroot/src/sys/sys/sysctl.h,v
retrieving revision 1.116.2.8
diff -r1.116.2.8 sysctl.h
271c271
<
---
> #define KERN_SHOWALLPROCS 78 /* int: if users can see all procs */
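Review bot: the `271c271` change replaces the blank line at 271 with the new define instead of adding a line, so the blank separator that was there is lost; add the define as a new line and keep the blank. The comment could also spell out the values, e.g. `/* int: 0 = users see only their own procs */`.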
280a281
> { "showallprocs", CTLTYPE_INT }, \
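Review bot: identifier 78 and its name-table entry are added in sysctl.h, but no change to `KERN_MAXID` appears in the sysctl.h diff shown. If 78 was the previous `KERN_MAXID` it has to be bumped to 79, and the new `showallprocs` entry has to land at index 78 of the names table so that name lookups stay aligned with the numeric identifiers.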
Index: systm.h
===================================================================
RCS file: /cvsroot/src/sys/sys/systm.h,v
retrieving revision 1.170
diff -r1.170 systm.h
106a107,108
> extern int showallprocs; /* how users see processes */
>
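Review bot: the comment on `extern int showallprocs` ("how users see processes") does not say what the values mean; state that 0 restricts non-root users to their own processes and 1 shows everything, matching the check added in init_sysctl.c. Since systm.h is pulled in by most of the kernel, consider declaring this sysctl-specific global closer to its users instead.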
Index: init_sysctl.c
===================================================================
RCS file: /cvsroot/src/sys/kern/init_sysctl.c,v
retrieving revision 1.24.2.4
diff -r1.24.2.4 init_sysctl.c
117a118
> static int sysctl_kern_showallprocs(SYSCTLFN_PROTO);
289a291,297
> sysctl_createv(clog, 0, NULL, NULL,
> CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
> CTLTYPE_INT, "showallprocs",
> SYSCTL_DESCR("Whether normal users can list all "
> "processes"),
> sysctl_kern_showallprocs, 0, &showallprocs, 0,
> CTL_KERN, KERN_SHOWALLPROCS, CTL_EOL);
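Review bot: documentation for the new `kern.showallprocs` node is missing from this part of the diff; the only description is the `SYSCTL_DESCR` string here. Please add the name to the sysctl man pages, and extend the description to say that root always sees every process, since that exemption is only visible in the filtering hunk further down.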
1049a1058,1080
> * sysctl helper function for kern.showallprocs. allowed values are 0 and 1.
> */
> static int
> sysctl_kern_showallprocs(SYSCTLFN_ARGS)
> {
> int error, nshowallprocs;
> struct sysctlnode node;
>
> nshowallprocs = showallprocs;
> node = *rnode;
> node.sysctl_data = &nshowallprocs;
> error = sysctl_lookup(SYSCTLFN_CALL(&node));
> if (error || newp == NULL)
> return (error);
> if (nshowallprocs < 0 || nshowallprocs > 1)
> return (EINVAL);
>
> showallprocs = nshowallprocs;
>
> return (0);
> }
>
> /*
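Review bot: `sysctl_kern_showallprocs` range-checks the new value but accepts a change in either direction at any time, so a setting of 0 can be switched back to 1 on a running system. If this is meant as a hardening knob, consider refusing the 0 to 1 transition once securelevel is raised, e.g. `if (securelevel > 0 && nshowallprocs > showallprocs) return (EPERM);` before the assignment to `showallprocs`.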
1897a1929,1939
> /*
> * If kern.showallprocs == 0, then skip processes that don't
> * match the UID of the calling process. Root is allowed to
> * see every process.
> */
> if (!showallprocs)
> if (l->l_proc->p_ucred->cr_uid)
> if (p->p_ucred->cr_uid !=
> l->l_proc->p_ucred->cr_uid)
> continue;
>
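Review bot: the filter compares `cr_uid`, the effective uid, on both sides and treats a non-zero `l->l_proc->p_ucred->cr_uid` as "not root", so set-id processes are matched by their effective identity; please confirm that is intended rather than the real uid, and prefer the kernel's usual superuser check over an open-coded uid 0 test. The three nested `if`s without braces would read better as one condition joined with `&&`. Only this listing loop is filtered in the hunks shown, so any other interface that exposes process information needs the same check for the setting to be effective.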
Index: kern_sysctl.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_sysctl.c,v
retrieving revision 1.169.2.6
diff -r1.169.2.6 kern_sysctl.c
165a166,167
> int showallprocs = 1;
>
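Review bot: `int showallprocs = 1;` is defined without a comment and in a different file (kern_sysctl.c) from its handler in init_sysctl.c. Add a comment giving the meaning of 0 and 1 and noting that the default of 1 keeps the existing behaviour, and consider moving the definition next to `sysctl_kern_showallprocs`.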