Re: A few questions...

Board: FB_hackers, posted 2007/07/27 00:58
2007/7/26, John-Mark Gurney <gurney_j@resnet.uoregon.edu>:
> Victor Loureiro Lima wrote this message on Wed, Jul 25, 2007 at 12:14 -0300:
> > 2007/7/24, John-Mark Gurney <gurney_j@resnet.uoregon.edu>:
> > >Victor Loureiro Lima wrote this message on Tue, Jul 24, 2007 at 16:35 -0300:
> > >> 2007/7/24, John-Mark Gurney <gurney_j@resnet.uoregon.edu>:
> > >> >Daniel Molina Wegener wrote this message on Mon, Jul 23, 2007 at 20:52 -0400:
> > >> >> a) Is there any function or variable that tells me which is the
> > >> >> root user UID in the system, or root always has 0 and it's
> > >> >> an "elegant" option to compare the variables or structure
> > >> >> members against zero.
> > >> >
> > >> >#include <sys/conf.h>
> > >> >
> > >> >uid == UID_ROOT
> > >> >
> > >> >> b) Can normal users look for system processes or kernel threads?
> > >> >
> > >> >Yes, ps does this...
> > >> >
> > >>
> > >> ps(1) either elevates its privileges during execution, or has some
> > >> other way of meddling into the affairs of other processes that will
> > >> eventually need some higher privilege status (either that, or I am
> > >> really out-dated on modern operational systems)
> > >
> > >hydrogen,ttypm,/home/johng,503$ls -l /bin/ps
> > >-r-xr-xr-x 1 root wheel 31372 May 8 2005 /bin/ps*
> > >
> > >So, as you see, no suid or sgid necessary for ps to function...
> > >FreeBSD exports most/all of the info through sysctl which does not
> > >require elevated privs to get...
> > >
> > >And ps doesn't meddle.. it's just a voyeur..
> >
> > hahaha I liked that phrase ;)
> >
> > Check this out:
> > http://www.freebsd.org/cgi/cvsweb.cgi/src/bin/ps/ps.c?rev=1.106.2.2;content-type=text%2Fplain
> >
> > Turns out ps(1) uses libkvm, more specifically kvm_getprocs() function
> > (the function that I said was in the middle of my last experience on
> > getting process information from FreeBSD ;)) I'm pretty sure it doesn't
> > get _any_ of its info thru sysctl's, but using the kvm interface which
> > is simple, clean and orthogonal, however I guess I was a little bit
> > incorrect in my last email, ps(1) in its common execution mode will
>
> Have you looked at the source to kvm_getprocs(3)?
> struct kinfo_proc *
> kvm_getprocs(kd, op, arg, cnt)
> [...]
> {
> [...]
>         if (ISALIVE(kd)) {
>                 size = 0;
>                 mib[0] = CTL_KERN;
>                 mib[1] = KERN_PROC;
>                 mib[2] = op;
>                 mib[3] = arg;
>                 temp_op = op & ~KERN_PROC_INC_THREAD;
>                 st = sysctl(mib,
>                     temp_op == KERN_PROC_ALL || temp_op == KERN_PROC_PROC ?
>                     3 : 4, NULL, &size, NULL, 0);
> [...]
>
> So, yes, ps isn't using sysctl directly, but kvm_getprocs is... And
> if you look at -current's ps(1):
>      -a      Display information about other users' processes as well as your
>              own. This will skip any processes which do not have a control-
>              ling terminal, unless the -x option is also specified. This can
>              be disabled by setting the security.bsd.see_other_uids sysctl to
>              zero.
>
> and security.bsd.see_other_uids defaults to 1...

Check-mate ;) I am defeated!!! But at least it was illustrative (for me).
But getting back on the topic, the preferred way is using kvm_getprocs(3)
(for historic purposes on the list ;))

cheers and hugs,
victor f. loureiro lima
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
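The thread ends on the point that security.bsd.see_other_uids defaults to 1, so any local user can list every process through the kern.proc sysctl. The script below is an added example, not part of the original messages or of FreeBSD: it works out which value a sysctl.conf-style file would set for that knob. The function names, the sample file contents and the tolerance for spaces around `=` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the configured value of security.bsd.see_other_uids
# in sysctl.conf-style text. Function names and sample data are constructed.

# configured_see_other_uids FILE
# Prints the value given by the last uncommented assignment in FILE,
# or 1 (the default cited in the thread) when FILE never sets the knob.
configured_see_other_uids() {
    awk '
        BEGIN { val = 1 }            # default when nothing is configured
        {
            sub(/#.*/, "")           # strip comments, including trailing ones
            gsub(/[ \t]/, "")        # assumption: tolerate stray whitespace
            key = "security.bsd.see_other_uids="
            if (index($0, key) == 1) # later assignments override earlier ones
                val = substr($0, length(key) + 1)
        }
        END { print val }
    ' "$1"
}

# process_listing_restricted FILE
# Exit status 0 when FILE hides other users processes (value 0).
process_listing_restricted() {
    [ "$(configured_see_other_uids "$1")" = "0" ]
}

# Constructed sample input, not taken from any real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# hardening
#security.bsd.see_other_uids=0
kern.ipc.somaxconn=1024
security.bsd.see_other_uids = 0   # hide other users processes
EOF

if process_listing_restricted "$sample"; then
    echo "see_other_uids=0: unprivileged users see only their own processes"
else
    echo "see_other_uids=1 (default): any local user can list every process"
fi
rm -f "$sample"
```

On a live FreeBSD host, `sysctl -n security.bsd.see_other_uids` reports the running value; the file check shows what would be applied from /etc/sysctl.conf at boot.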