Bug 30608

Summary: kern.ps_showallproc=0 doesn't limit queries for a single pid
Product: Base System
Reporter: _ <_>
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: 4.4-STABLE
Hardware: Any
OS: Any
Attachments:
Description Flags
file.diff none

Description _ 2001-09-16 17:00:00 UTC
	Even though kern.ps_showallproc is set to 0, users can still
	see other users' processes if querying information about a single
	pid (KERN_PROC_PID). This way they could still obtain information
	about all processes by querying pid by pid.

	This is fixed in current, but not in 4.4-STABLE.

Fix: This is a patch which resolves this problem using the 4.4 checking
	function (p_trespass):
How-To-Repeat: 
	Set sysctl -w kern.ps_showallproc=0 and then do a ps 1 from a user
	account for example.
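
The gap described in this report, as an added example that is not part of the original report or of FreeBSD's source: a simplified user-space C model in which the all-process query filters by caller but the single-pid query does not, with a regression check that compares the two paths. The process table, `can_see`, the function names, and the choice to return ESRCH for hidden pids are assumptions of the model.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified user-space model; not FreeBSD kernel source. */
struct proc { int pid; unsigned uid; };

static int ps_showallproc = 0;               /* models kern.ps_showallproc */
static const struct proc table[] = {         /* constructed process table */
    {1, 0}, {214, 0}, {501, 1001}, {502, 1002}, {777, 1001},
};
#define NPROC (sizeof table / sizeof table[0])

/* Assumed stand-in for the visibility check: root and the owner may look. */
static int can_see(unsigned uid, const struct proc *p) {
    return ps_showallproc || uid == 0 || uid == p->uid;
}

/* All-process query: filtered, so the knob works on this path. */
size_t list_count(unsigned uid) {
    size_t n = 0;
    for (size_t i = 0; i < NPROC; i++)
        n += can_see(uid, &table[i]) ? 1 : 0;
    return n;
}

/* Single-pid query as reported: finds the entry, never checks the caller. */
int lookup_unchecked(unsigned uid, int pid) {
    (void)uid;
    for (size_t i = 0; i < NPROC; i++)
        if (table[i].pid == pid) return 0;
    return ESRCH;
}

/* Single-pid query applying the same check as the list path. */
int lookup_checked(unsigned uid, int pid) {
    for (size_t i = 0; i < NPROC; i++)
        if (table[i].pid == pid)  /* hidden is reported like absent */
            return can_see(uid, &table[i]) ? 0 : ESRCH;
    return ESRCH;
}

/* Regression check: per-pid lookups must succeed for exactly as many
 * pids as the filtered list query returns for the same caller. */
int paths_agree(int (*lookup)(unsigned, int), unsigned uid, int max_pid) {
    size_t n = 0;
    for (int pid = 0; pid <= max_pid; pid++)
        n += lookup(uid, pid) == 0 ? 1 : 0;
    return n == list_count(uid);
}
```

A check of this shape belongs in a test suite for any interface that offers both a list query and a by-key query over the same objects.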
Comment 1 Maxim Konovalov freebsd_committer freebsd_triage 2004-07-18 07:46:05 UTC
State Changed
From-To: open->patched

The issue was fixed in HEAD, there are security.bsd.see_other_uids and
security.bsd.see_other_gids sysctls.  I do not think there are any plans
to backport this infrastructure to RELENG_4 though.
Thanks for the submission!
Comment 2 Gavin Atkinson freebsd_committer freebsd_triage 2007-06-09 19:54:24 UTC
State Changed
From-To: patched->closed

Fixed in all supported FreeBSD releases