Subject: ps /proc changes (CVS commit: src)
To: None <firstname.lastname@example.org>
From: Bernd Ernesti <email@example.com>
Date: 03/27/1999 10:44:19
On Fri Mar 26 23:36:03 1999, Brian C. Grayson wrote:
> Module Name: src
> Committed By: bgrayson
> Date: Fri Mar 26 22:36:03 UTC 1999
> Modified Files:
> src/bin/ps: Makefile extern.h ps.1 ps.c
> Added Files:
> src/bin/ps: procfs_ops.c
> Log Message:
> Added experimental fallback /proc-based lookup. Warnings are printed when the
> fallback method is used, as the results could be untrustworthy if an
> intruder is present. It is highly likely that NetBSD-1.5 will have
> an improved kvm interface for reading process information, at which
> point this code can be garbage-collected. Also added a word to the
> man page -x option description while I was here.
You only check if /proc/1/status exists and an readonly /proc.
I think that is not enough. You have to check that /proc is an procfs.
It is just to easy to fake processes for an intruder without replacing ps.
You later send a warning that the results could be wrong. This is a good idea
but it would be better to check for an procfs and not send this 6 lines
at the bottom of the output which length the ps output.
Quoting from your code: "Attempting experimental, insecure /proc-based method."
There is no way to disable the /proc search when there is a problem between
the ps binary and the kernel.
It doesn't look so good when you say experimental but give no way to disable it.