Bugtraq mailing list archives

ps information leak in FreeBSD

From: "Cache" <cache () sowatech com pl>
Date: Mon, 6 Jan 2003 18:02:59 +0000

Nothing special, lame :)

Hi,

0x01 About
0x02 Practical
0x03 Conclusion
0x04 Install
0x05 End
0x06 Greetz

0x01 About:

Autor: Rafael Lesniak / 05012003 Hannover / cache () irc pl 
Sorry for My English

All: files are on:
http://www.sowatech.com.pl/cache/soft/proc-patch.tar.gz

This is a little information leak. This bug(?) is not dangerous, but
normal user can see all process on the box using ex. /bin/ps;

Affected Systems:
FreeBSD         :possible all
OpenBSD         :don't known
Linux           :don't known
Other           :don't known

0x02 Practical:

(I don't use /proc.)

Last login: Sun Jan  5 00:13:01 on ttyv0
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
    The Regents of the University of California.  All rights reserved.

FreeBSD 4.7-RELEASE (SILENT) #1: Sun Jan  5 00:10:51 GMT 2003

Welcome to FreeBSD!

[cache@silent][ttyv1] ~> grep "FreeBSD:" /usr/src/sys/i386/conf/LINT
# $FreeBSD: src/sys/i386/conf/LINT,v 1.749.2.124 2002/10/05 18:31:47 scottl 
Exp

[cache@silent][ttyv1] ~> sysctl -a | grep show
kern.ps_showallprocs: 0
[cache@silent][ttyv1] ~> ps -auxwwwp 101
USER   PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED      TIME COMMAND
root   101  0,0  0,2  1020  740  ??  Is    0:12     0:00,01 /usr/sbin/cron

ps [-aCcefhjlmrSTuvwx] [-M core] [-N system] [-O fmt] [-o fmt] [-p pid]
    [-t tty] [-U username]

-p      Display information associated with the specified process ID.

--- cut ---

0x03 Conclusion:

I hope it is good idea to protect all process information 
(any way, for what We need kern.ps_showallprocs?)

[cache@silent][ttyv1] ~> cat info.sh
#!/bin/sh
pid=0;
while x=0; do
/bin/ps -auxwwwp $pid | /usr/bin/grep $pid;
pid=`expr $pid + 1`;
done

--- cut ---

See out.log how it works.

0x04 Install:

$ mkdir /tmp/patch
$ cp proc-patch.tar.gz /tmp/patch
$ cd /tmp/patch
$ tar -zxvf proc-patch.tar.gz
$ su
# patch -p0 < proc.patch

--- cut ---
...
--------------------------
|*** /usr/src/sys/kern/kern_proc.c      Tue May  1 13:39:06 2001
|--- /usr/src/sys/kern/kern_proc.c      Sun Jan  5 00:18:40 2003
--------------------------
Patching file /usr/src/sys/kern/kern_proc.c using Plan A...
Hunk #1 succeeded at 453.
done
--- cut --- 

configure Your kernel, compile, install and thats all.

0x05 End: 

I have make this little patch for My FreeBSD box, and this method 
doesn't work. May be it is possible to do, but this is not My
skill level );] ...

0x06 Greetz: 
    kador, Lam3rz, layon, ultor, neutrinka, !pl-bsd, and 
        all lamerz ...

## Rafal (cache) Lesniak   #######
CoSysOp cache /at/ sowatech.com.pl
### http://www.sowatech.com.pl ###

Current thread:

ps information leak in FreeBSD Cache (Jan 06)
- Re: ps information leak in FreeBSD Sean Kelly (Jan 06)
- Re: ps information leak in FreeBSD Jez Hancock (Jan 21)
  - Re: ps information leak in FreeBSD Sean Kelly (Jan 08)
  - Re: ps information leak in FreeBSD Crist J. Clark (Jan 21)
    - Re: ps information leak in FreeBSD Damien Miller (Jan 09)
    - Re: ps information leak in FreeBSD David M. Wilson (Jan 15)
- <Possible follow-ups>
- ps information leak in FreeBSD Cache (Jan 06)