cpcahil@virtech.uucp (Conor P. Cahill) (09/14/90)
In article <27773@pasteur.Berkeley.EDU> achoi@cory.Berkeley.EDU (CHOI ANDREW MAN-TAT) writes:
>
>1) How does 'ps' work? Where does it get the information about all
>   the processes running on the system? I suspect it may have

It uses "/unix" (or whatever the kernel is named on your system) to get the
addresses of where the data is. Then it reads /dev/kmem (using the addresses
gotten from /unix) to get the data. Throw in /dev, and /etc/passwd and there
you go (i.e. ps then has all the information it needs).

>   I don't have read/write permission on /dev/kmem, how can
>   'ps' acquire the permission to read /dev/kmem? Is there a
>   setuid program exec by 'ps' to get root access?

Do an ls -l of /bin/ps. It should be setuid or setgid (probably setgid).

>2) Even after I do 'mesg n' or 'chmod og-rx /dev/tty?', other
>   users can still send me message through command 'wall',
>   how come? Is there anyway to prevent 'wall' from sending the
>   message?

Maybe they are running as super-user? Then they will have access to the
port no matter what you set the mode to.

Wall is only supposed to be used for important system messages (like "system
is going down in 10 seconds") so you shouldn't be getting too many of them.

--
Conor P. Cahill            (703)430-9247        Virtual Technologies, Inc.,
uunet!virtech!cpcahil                           46030 Manekin Plaza, Suite 160
                                                Sterling, VA 22170

josef@nixpbe.UUCP (Moellers) (09/17/90)
In <27773@pasteur.Berkeley.EDU> achoi@cory.Berkeley.EDU (CHOI ANDREW MAN-TAT) writes:

>Hello world. This is my first posting to this newsgroup, please
>accept my apology in advance if I have inadvertently violated any
>netiquette.

>I have the following 2 questions about command 'ps' and 'wall':

>1) How does 'ps' work? Where does it get the information about all
>   the processes running on the system? I suspect it may have
>   something to do with /dev/kmem (Kernel Memory); however, since
>   I don't have read/write permission on /dev/kmem, how can
>   'ps' acquire the permission to read /dev/kmem? Is there a
>   setuid program exec by 'ps' to get root access?

It depends very much on your system:
- the "classical" way is to give "ps" setuid root and have it access
  /dev/kmem, as You suspect.
- on more "secure" systems, or distributed systems where there are more
  than one "kernel memories", there usually is some kind of server or a
  special system call to get process information.

>2) Even after I do 'mesg n' or 'chmod og-rx /dev/tty?', other
>   users can still send me message through command 'wall',
>   how come? Is there anyway to prevent 'wall' from sending the
>   message?

Hmm, maybe "wall" is setuid root?
After all, "wall" should only be used to alert users e.g. when the system
goes down (if there is any time left B-{)

>Thank you very much for your time and effort in answering these
>questions.

Much obliged, sir!

--
| Josef Moellers               | c/o Nixdorf Computer AG |
|  USA: mollers.pad@nixdorf.com | Abt. PXD-S14            |
| !USA: mollers.pad@nixdorf.de  | Heinz-Nixdorf-Ring      |
| Phone: (+49) 5251 104662      | D-4790 Paderborn        |

craig@veritas.uucp (Craig Harmer) (09/26/90)
In article <27773@pasteur.Berkeley.EDU> achoi@cory.Berkeley.EDU (CHOI ANDREW MAN-TAT) writes:
...
>
>I have the following 2 questions about command 'ps' and 'wall':
>
>1) How does 'ps' work? Where does it get the information about all
>   the processes running on the system? I suspect it may have
>   something to do with /dev/kmem (Kernel Memory); however, since
>   I don't have read/write permission on /dev/kmem, how can
>   'ps' acquire the permission to read /dev/kmem? Is there a
>   setuid program exec by 'ps' to get root access?

yes, it reads /dev/kmem (kernel memory) to get the information. ps
is generally setuid root, or (more intelligently) setgid sys (or
whatever is relevant to your machine). when ps is executed, it runs
with an "effective" group id of (see the setuid(2) man page).

>2) Even after I do 'mesg n' or 'chmod og-rx /dev/tty?', other
>   users can still send me message through command 'wall',
>   how come? Is there anyway to prevent 'wall' from sending the
>   message?

root can always write to your terminal; one of the privileges of
being root is having write permission on all files (including special
files, like /dev/tty). "mesg n" or "chmod 0600 /dev/tty??" should
prevent other people from writing to your tty.

--
{apple,pyramid,amdahl}!veritas!craig    craig@hoser.veritas.com
(415) 626-6827 (h)                      (408) 433-5588 x220 (w)
[views expressed above shouldn't be taken as Veritas' views, or your
views or even as my views]
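
Added example, not part of any post in this thread: the two checks the replies describe (the setuid/setgid bit on ps, and the group/other write bits on a tty) done in POSIX shell by reading the `ls -ld` mode string. The function names and the temporary stand-in files are constructed for illustration; the demo also shows that `chmod og-rx` leaves the write bits in place while `chmod 0600` clears them.

```sh
#!/bin/sh
# Added example. Function names and the temp files are constructed stand-ins;
# point the functions at /bin/ps or "$(tty)" on a real system.

# First field of `ls -ld`, e.g. "-rwxr-sr-x".
mode_string() { ls -ld "$1" | cut -c1-10; }

# Print "setuid", "setgid", "setuid+setgid" or "none" for PATH.
priv_bits() {
    m=$(mode_string "$1")
    out=""
    # s/S in the owner execute slot means setuid, in the group slot setgid.
    case $(printf '%s' "$m" | cut -c4) in s|S) out="setuid" ;; esac
    case $(printf '%s' "$m" | cut -c7) in s|S) out="${out:+$out+}setgid" ;; esac
    printf '%s\n' "${out:-none}"
}

# Exit 0 if the group or other write bit is set on PATH (non-root users
# in that class can write to it), 1 otherwise.
others_can_write() {
    m=$(mode_string "$1")
    case "$(printf '%s' "$m" | cut -c6,9)" in
        *w*) return 0 ;;
        *)   return 1 ;;
    esac
}

demo() {
    d=$(mktemp -d) || return 1
    : > "$d/fake_ps"; : > "$d/fake_tty"
    chmod 4755 "$d/fake_ps"            # constructed: setuid like a classic ps
    echo "fake_ps: $(priv_bits "$d/fake_ps")"
    chmod 622 "$d/fake_tty"            # constructed: tty with messages on
    chmod og-rx "$d/fake_tty"          # removes read/execute only
    others_can_write "$d/fake_tty" && echo "after og-rx: still writable"
    chmod 0600 "$d/fake_tty"           # the mode given in the last reply
    others_can_write "$d/fake_tty" || echo "after 0600: not writable"
    rm -rf "$d"
}
demo
```

Neither check says anything about root, which bypasses the mode bits entirely, as the replies point out.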