[25501] in bugtraq
Re: ps under FreeBSD
daemon@ATHENA.MIT.EDU (Yuri A. Kabaenkov)
Sat May 18 16:13:11 2002
Date: Sat, 18 May 2002 23:50:03 +0400
From: "Yuri A. Kabaenkov" <sec@artofit.com>
Reply-To: "Yuri A. Kabaenkov" <sec@artofit.com>
Message-ID: <68153316527.20020518235003@artofit.com>
To: bugtraq@securityfocus.com
In-Reply-To: <20020518204038.A41695@fremen.dhs.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hello Jakub,
Saturday, May 18, 2002, 10:40:38 PM, you wrote:
There is another bug with this sysctl variable.
For example to see all processess with kern.ps_showallprocs=0 you can do this:
$ cd /proc;
$ for i in `ls`;do cat $i/cmdline;echo;done
/sbin/init--
/bin/sh/usr/local/bin/svscanboot
svscan/service
readproctitle
supervisepop3
superviselog
supervisesend
superviselog
supervisesmtp
superviselog
supervisednscache
superviselog
supervisetinydns
superviselog
superviseaxfrdns
superviselog
mysqld
/usr/local/bin/multilogt/var/log/qmail/pop3d
/usr/local/bin/tinydns
/usr/local/bin/tcpserver-D-H-R-x/home/vpopmail/etc/tcp.smtp.cdb-c25-u9002-g90010smtp/var/qmail/bin/qmail-smtpd
qmail-send
/usr/local/bin/multilogts1000000n20/var/log/qmail/send
/usr/local/bin/tcpserver-D-R-H-l00110/var/qmail/bin/qmail-popupmyhost.com/home/vpopmail/bin/vchkpw/var/qmail/bin/qmail-pop3dMaildir
/usr/local/bin/multilogt/var/log/qmail/smtp
/usr/local/bin/dnscache
multilogt./main
tcpserver-vDRHl0-xtcp.cdb--127.0.0.153/usr/local/bin/axfrdns
sploggerqmail
qmail-lspawn./Mailbox
qmail-rspawn
qmail-clean
multilogt./main
multilogt./main
/usr/local/pgsql/bin/postmaster-D/usr/local/pgsql/data-i-N512-B1024-F
/usr/local/sbin/snmpd-c/usr/local/share/snmp/snmpd.conf-usnmpd-gsnmpd
/usr/bin/perl/usr/local/bin/mrtg--user=dialer--group=dialer/home/dialer/mrtg.conf
/usr/libexec/gettyPcttyv0
/usr/libexec/gettyPcttyv1
/usr/libexec/gettyPcttyv2
/usr/libexec/gettyPcttyv3
/usr/libexec/gettyPcttyv4
/usr/libexec/gettyPcttyv5
/usr/libexec/gettyPcttyv6
/usr/libexec/gettyPcttyv7
pagedaemon
adjkerntz-i
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
vmdaemon
sshd: root@ttyp0
-bash
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
sshhellman@localhost
sshd: hellman@ttyp1
-bash
bufdaemon
/usr/local/apache/bin/httpd
syncer
postmaster: stats buffer process
postmaster: stats collector process
vnlrur
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
/usr/sbin/cron
/usr/local/apache/bin/httpd
/usr/local/apache/bin/httpd
cat: 7572/cmdline: No such file or directory
/usr/local/sbin/sshd
/usr/libexec/ftpd-D-t1800-l-l
/bin/sh/usr/local/mysql/bin/safe_mysqld--log-slow-queries--user=mysql--default-character-set=win1251--skip-name-resolve--set-variablemax_connections=5000
catcurproc/cmdline
---------
here you are :)
JF> Hi,
JF> I was playing with ps on FreeBSD with kern.ps_showallprocs=0 and I was
JF> surprised when I have seen that I may see info about running process, if I
JF> know it's ID
JF> sirat@fremen:ttyp3:~> ps -u5710
JF> USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
JF> seeba 5710 0,0 0,0 1388 0 p6 IWsJ - 0:00,00 -tcsh (tcsh)
JF> I may see also root's processes:
JF> sirat@fremen:ttyp3:~> ps -u205
JF> USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
JF> root 205 0,0 0,1 2064 264 ?? IsJ 9:23 0:00,05 /usr/sbin/sshd
JF> and ps axu gives:
JF> sirat@fremen:ttyp3:~> ps axu
JF> USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
JF> sirat 40384 0,0 0,1 428 272 p3 R+J 18:53 0:00,00 ps axu
JF> root 515 0,0 0,3 1744 600 ?? SsJ 9:26 0:19,97 screen
JF> sirat 516 0,0 0,0 1404 0 p2 IWsJ - 0:00,00 /bin/tcsh
JF> sirat 519 0,0 0,9 3996 1672 p2 S+J 9:26 0:51,67
JF> /usr/local/bin/irs
JF> sirat 588 0,0 0,5 1396 860 p0 IsJ 9:32 0:00,83 -tcsh (tcsh)
JF> sirat 1467 0,0 0,4 1400 844 p3 SsJ 9:37 0:00,52 -tcsh (tcsh)
JF> sirat 2183 0,0 0,0 1400 0 p5 IWs+J - 0:00,00 -tcsh (tcsh)
JF> sirat 4491 0,0 0,1 1604 124 p1 S+J 13:59 0:00,13 screen -r
JF> sirat 40359 0,0 0,9 2676 1660 p0 I+J 18:51 0:00,07 mutt
JF> sirat 40365 0,0 0,2 648 448 p0 I+J 18:51 0:00,01 sh -c joe '/home/s
JF> sirat 40366 0,0 0,5 1316 900 p0 S+J 18:51 0:00,12 joe /home/sirat/tm
JF> sirat 467 0,0 0,0 1396 0 p1 IWsJ - 0:00,00 -tcsh (tcsh)
JF> I think it may be seen as bug. What do You think?
JF> P.S. I have FreeBSD 4.6-PRERELEASE #0 and I checked it also on 4.5-STABLE
JF> P.P.S. It works like that: ps -<argument><pid> and the argument isn't needed
--
Best regards,
Yuri mailto:sec@artofit.com
