[25516] in bugtraq
Re: ps under FreeBSD
daemon@ATHENA.MIT.EDU (Crist J. Clark)
Mon May 20 19:24:56 2002
Date: Sun, 19 May 2002 01:18:38 -0700
From: "Crist J. Clark" <crist.clark@attbi.com>
To: "Yuri A. Kabaenkov" <sec@artofit.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20020519011838.F67779@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <68153316527.20020518235003@artofit.com>; from sec@artofit.com on Sat, May 18, 2002 at 11:50:03PM +0400
On Sat, May 18, 2002 at 11:50:03PM +0400, Yuri A. Kabaenkov wrote:
> Hello Jakub,
>
> Saturday, May 18, 2002, 10:40:38 PM, you wrote:
>
> There is another bug with this sysctl variable.
> For example to see all processess with kern.ps_showallprocs=0 you can do this:
>
> $ cd /proc;
The kern.ps_showallprocs sysctl(8) setting has absolutely no influence
on the procfs(5).
If you are interested in securing your system, you should not be
mounting a procfs(5) at all. It has a checkered security history, and
although there are no currently known holes (besides the treasure
trove of info it can leak), it is suspect. Very few things depend on
it (some obscure options of ps(1) are one of the few places it is
used).
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
