Subject: ps /proc changes (CVS commit: src)
To: None <>
From: Bernd Ernesti <>
List: tech-userlevel
Date: 03/27/1999 10:44:19
On Fri Mar 26 23:36:03 1999, Brian C. Grayson wrote:
> Module Name:	src
> Committed By:	bgrayson
> Date:		Fri Mar 26 22:36:03 UTC 1999
> Modified Files:
> 	src/bin/ps: Makefile extern.h ps.1 ps.c
> Added Files:
> 	src/bin/ps: procfs_ops.c
> Log Message:
> Added experimental fallback /proc-based lookup.  Warnings are printed when the
> fallback method is used, as the results could be untrustworthy if an
> intruder is present.  It is highly likely that NetBSD-1.5 will have
> an improved kvm interface for reading process information, at which
> point this code can be garbage-collected.  Also added a word to the
> man page -x option description while I was here.

You only check if /proc/1/status exists and an readonly /proc.

I think that is not enough. You have to check that /proc is an procfs.

It is just to easy to fake processes for an intruder without replacing ps.

You later send a warning that the results could be wrong. This is a good idea
but it would be better to check for an procfs and not send this 6 lines
at the bottom of the output which length the ps output.

Quoting from your code: "Attempting experimental, insecure /proc-based method."

There is no way to disable the /proc search when there is a problem between
the ps binary and the kernel.

It doesn't look so good when you say experimental but give no way to disable it.