tech-security: Re: kern.showallprocs implementation

Subject: Re: kern.showallprocs implementation
To: matthew green <mrg@eterna.com.au>
From: Klaus Klein <kleink@mibh.de>
List: tech-security
Date: 06/26/2004 10:27:29

On Saturday 26 June 2004 04:04, matthew green wrote:

>    1897a1929,1939
>    >                 /*
>    > 	 	 * If kern.showallprocs == 0, then skip processes that don't 
>    > 		 * match the UID of the calling process. Root is allowed to 
>    > 		 * see every process.
>    > 		 */
>    > 		if (!showallprocs)
>    > 			if (l->l_proc->p_ucred->cr_uid) 
>    > 				if (p->p_ucred->cr_uid != 
>    > 					l->l_proc->p_ucred->cr_uid)
>    > 						continue;
> 
> any reason this isn't written as:
> 	continue;
> 	if (!showallprocs && l->l_proc->p_ucred->cr_uid &&
> 	    p->p_ucred->cr_uid != l->l_proc->p_ucred->cr_uid)
> 		continue;

Why isn't this using suser(9)?


- Klaus