Subject: Re: kern.showallprocs implementation
To: Rui Paulo <>
From: Klaus Klein <>
List: tech-security
Date: 06/27/2004 21:30:40
On Sunday 27 June 2004 20:39, Rui Paulo wrote:
> On 2004.06.27 18:15:08 +0000, Wolfgang Solfrank wrote:
> > Note that you should do the suser() call only after being sure
> > that you need root priviledges here, i.e. first compare the
> > uids, then call suser().  The subtle difference being that
> > p_acflag records the fact that superuser priviledges were
> > neccessary for the process.
> Ok. Since this was a for cycle, I don't think that modifying p_acflag is
> really necessary. Just a simple uid check is necessary here IMHO.

No, Wolfgang is right about this.  If showallprocs is false,
the only way to have processes shown that don't have matching
uids is to make use of super-user privileges, and thus is needs
to be accounted for.

BTW, the description referring to "normal users" could be improved;
after all there are no users which aren't normal.  The autonicetime
node has some prior art: "non-root".

- Klaus