[28392] in bugtraq
Re: ps information leak in FreeBSD
daemon@ATHENA.MIT.EDU (Sean Kelly)
Mon Jan 6 21:37:00 2003
Date: Mon, 6 Jan 2003 15:19:36 -0600
From: Sean Kelly <smkelly@zombie.org>
To: Cache <cache@sowatech.com.pl>, security-officer@FreeBSD.org
Message-ID: <20030106211936.GA66238@edgemaster.zombie.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="G4iJoqBmSsgzjUCe"
Content-Disposition: inline
In-Reply-To: <20030105204650.M16523@sowatech.com.pl>
--G4iJoqBmSsgzjUCe
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Jan 05, 2003 at 08:46:50PM +0000, Cache wrote:
> [cache@silent][ttyv1] ~> sysctl -a | grep show
> kern.ps_showallprocs: 0
> [cache@silent][ttyv1] ~> ps -auxwwwp 101
> USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
> root 101 0,0 0,2 1020 740 ?? Is 0:12 0:00,01 /usr/sbin/cron
I've been aware of this problem for a long time, and in fact I made a patch
against 4.6-STABLE which can be applied to correct it. I am not sure how
portable it will be to 4.7-STABLE, but I imagine it would work.
Please see the relevent FreeBSD PR:
http://www.FreeBSD.org/cgi/query-pr.cgi?pr=3Dkern/42065
--=20
Sean Kelly | PGP KeyID: D2E5E296
smkelly@zombie.org | http://www.zombie.org
--G4iJoqBmSsgzjUCe
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE+GfLnPm7A9NLl4pYRAusJAJ9/oIDUI+3W9jcPnT5EiNAKyWgvMACeJBZ+
nwJxU9+B1x1/RHzq3I0kjvw=
=6og6
-----END PGP SIGNATURE-----
--G4iJoqBmSsgzjUCe--
