Should this patch also document see_other_uids in the sysctl(8) manual page?
On Sun, Dec 04, 2016 at 07:49:12PM -0500, Ian Walker wrote:
> (( Resending my last from a client that (hopefully) won't mangle the email.
> Sorry about the noise, folks. ))
>
>
> Hello OpenBSD Community -
>
> OpenBSD should have the ability to prevent users from seeing each other's
> processes even if this ability is disabled by default.
> In addition to the small security benefit this provides, it also affords each
> user a much greater amount of privacy. Linux and FreeBSD already support
> similar features (
> https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/ &&
> https://www.cyberciti.biz/faq/freebsd-disable-ps-sockstat-command-information-leakage/
> ) and the implementation itself is fairly trivial.
>
> Below is a patch which implements basic process hiding for non-superusers and
> is activated with a sysctl knob. As in FreeBSD, it is called
> "kern.see_other_uids". The idea is that if process spying is a security or
> privacy concern for you, you would add "kern.see_other_uids=0" to sysctl.conf
> and reboot (assuming securelevel > 0).
>
> I look forward to your comments.
>
> Thanks and cheers all -
> Ian Walker
>
>
>
> Index: sys/kern/kern_sysctl.c
> ===================================================================
> RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
> retrieving revision 1.320
> diff -u -p -u -r1.320 kern_sysctl.c
> --- sys/kern/kern_sysctl.c 11 Nov 2016 18:59:09 -0000 1.320
> +++ sys/kern/kern_sysctl.c 4 Dec 2016 20:43:53 -0000
> @@ -263,6 +263,7 @@ size_t disknameslen;
> struct diskstats *diskstats = NULL;
> size_t diskstatslen;
> int securelevel;
> +int seeotheruids = 1; /* on by default */
>
> /*
> * kernel related system variables.
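Review bot: The comment on the new `seeotheruids` global records only its default, not what the value means, which is the thing a reader of kern_sysctl.c will want; `int seeotheruids = 1;	/* kern.see_other_uids: 0 hides other users' processes from non-root */` says both. As far as this patch shows, the variable is read only by kern_sysctl and sysctl_doproc in this same file and no `extern` declaration is added, so it could be `static` unless an export is planned.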
> @@ -632,6 +633,13 @@ kern_sysctl(int *name, u_int namelen, vo
> dnsjackport = port;
> return 0;
> }
> + case KERN_SEEOTHERUIDS: {
> + if (securelevel > 0)
> + return (sysctl_rdint(oldp, oldlenp, newp,
> + seeotheruids));
> + return (sysctl_int(oldp, oldlenp, newp, newlen,
> + &seeotheruids));
> + }
> default:
> return (EOPNOTSUPP);
> }
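Review bot: `sysctl_int` in the new KERN_SEEOTHERUIDS case stores whatever integer userland writes, so kern.see_other_uids can read back as 7 or -3 while meaning "enabled"; normalising the value to 0/1 after a successful write keeps the knob's documented meaning and what sysctl(8) prints in sync. The `{ }` around the case body do nothing as written, but they earn their place once a local holds the written value, following the pattern the KERN_DNSJACKPORT case just above appears to use (its `dnsjackport = port; return 0;` tail is visible in context), assuming kern_sysctl's existing `error` local. Under securelevel > 0 the knob is read-only in both directions, which matches the author's description; if one-way tightening (1 to 0) at raised securelevel is ever wanted, that `if` is the line to relax. kern_sysctl's body continues outside the hunk.
```c
	case KERN_SEEOTHERUIDS: {
		int v = seeotheruids;

		if (securelevel > 0)
			return (sysctl_rdint(oldp, oldlenp, newp, v));
		error = sysctl_int(oldp, oldlenp, newp, newlen, &v);
		if (error)
			return (error);
		seeotheruids = v ? 1 : 0;	/* keep the stored value 0/1 */
		return (0);
	}
```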
> @@ -1427,7 +1435,8 @@ sysctl_doproc(int *name, u_int namelen,
> int arg, buflen, doingzomb, elem_size, elem_count;
> int error, needed, op;
> int dothreads = 0;
> - int show_pointers;
> + int is_suser, show_pointers, show_otheruids;
> + uid_t euid;
>
> dp = where;
> buflen = where != NULL ? *sizep : 0;
> @@ -1444,7 +1453,10 @@ sysctl_doproc(int *name, u_int namelen,
> dothreads = op & KERN_PROC_SHOW_THREADS;
> op &= ~KERN_PROC_SHOW_THREADS;
>
> - show_pointers = suser(curproc, 0) == 0;
> + is_suser = suser(curproc, 0) == 0;
> + show_pointers = is_suser;
> + show_otheruids = seeotheruids || is_suser;
> + euid = curproc->p_ucred->cr_uid;
>
> if (where != NULL)
> kproc = malloc(sizeof(*kproc), M_TEMP, M_WAITOK);
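Review bot: The ownership test keys on effective uids on both sides (`curproc->p_ucred->cr_uid` for the caller here, `pr->ps_ucred->cr_uid` for the target in the later hunk), and that is a choice worth stating: a set-uid program run by an ordinary user then sees the processes of its effective user rather than of the invoking user, and FreeBSD's equivalent knob compares real uids, if I recall correctly. Whichever is intended, a comment on the `euid =` line makes it deliberate, e.g. `/* effective uid: a setuid program sees its effective user's processes */`. `show_otheruids = seeotheruids || is_suser;` means root is never filtered, which matches the description. sysctl_doproc's body runs past both ends of the hunk.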
> @@ -1461,6 +1473,9 @@ again:
> * Skip embryonic processes.
> */
> if (pr->ps_flags & PS_EMBRYO)
> + continue;
> +
> + if (!show_otheruids && pr->ps_ucred->cr_uid != euid)
> continue;
>
> /*
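Review bot: The new skip lacks the block comment the neighbouring PS_EMBRYO skip carries; adding `/* Hide other users' processes from non-root when kern.see_other_uids is 0. */` above `if (!show_otheruids && pr->ps_ucred->cr_uid != euid)` keeps the loop readable in the file's style. Because the skip sits in the common loop, every op this loop serves, including pid-keyed lookups, reports a hidden process as absent rather than forbidden, which is the safer answer; the other pid-keyed sysctls in this file (KERN_PROC_ARGS, KERN_PROC_VMMAP) and KERN_FILE are not touched by the patch and presumably still answer for other users' processes, so if that scope is intentional for a first cut the sysctl(8) text should state it. The loop body continues outside the hunk.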
> Index: sys/sys/sysctl.h
> ===================================================================
> RCS file: /cvs/src/sys/sys/sysctl.h,v
> retrieving revision 1.170
> diff -u -p -u -r1.170 sysctl.h
> --- sys/sys/sysctl.h 7 Nov 2016 00:26:32 -0000 1.170
> +++ sys/sys/sysctl.h 4 Dec 2016 20:43:55 -0000
> @@ -184,7 +184,8 @@ struct ctlname {
> #define KERN_GLOBAL_PTRACE 81 /* allow ptrace globally */
> #define KERN_CONSBUFSIZE 82 /* int: console message buffer size */
> #define KERN_CONSBUF 83 /* console message buffer */
> -#define KERN_MAXID 84 /* number of valid kern ids */
> +#define KERN_SEEOTHERUIDS 84 /* see other users' proceesses */
> +#define KERN_MAXID 85 /* number of valid kern ids */
>
> #define CTL_KERN_NAMES { \
> { 0, 0 }, \
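Review bot: The comment on the new KERN_SEEOTHERUIDS define misspells "processes" and drops the `int:` type tag that the neighbouring KERN_CONSBUFSIZE line uses; `#define KERN_SEEOTHERUIDS 84 /* int: non-root may see other users' processes */` fixes both. Bumping KERN_MAXID to 85 is consistent with the new id.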
> @@ -269,6 +270,9 @@ struct ctlname {
> { "proc_nobroadcastkill", CTLTYPE_NODE }, \
> { "proc_vmmap", CTLTYPE_NODE }, \
> { "global_ptrace", CTLTYPE_INT }, \
> + { "gap", 0 }, \
> + { "gap", 0 }, \
> + { "see_other_uids", CTLTYPE_INT }, \
> }
>
> /*
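Review bot: The two `{ "gap", 0 }` fillers are what make see_other_uids land at index 84 (slots 82 and 83 belong to KERN_CONSBUFSIZE and KERN_CONSBUF, which the table previously ended before), but nothing says so; tagging them, e.g. `{ "gap", 0 }, /* KERN_CONSBUFSIZE */ \`, saves the next reader recounting the table. If those two ids are meant to be reachable by name from sysctl(8), real entries would be better than gaps, though that is arguably outside this patch's scope.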
>