Thanks, Michael. Leave it to me to forget to update the documentation. Here's the patch with the manpage change:
Index: sys/kern/kern_sysctl.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
retrieving revision 1.320
diff -u -p -u -r1.320 kern_sysctl.c
--- sys/kern/kern_sysctl.c 11 Nov 2016 18:59:09 -0000 1.320
+++ sys/kern/kern_sysctl.c 4 Dec 2016 20:43:53 -0000
@@ -263,6 +263,7 @@ size_t disknameslen;
 struct diskstats *diskstats = NULL;
 size_t diskstatslen;
 int securelevel;
+int seeotheruids = 1; /* on by default */

 /*
 * kernel related system variables.
@@ -632,6 +633,13 @@ kern_sysctl(int *name, u_int namelen, vo
 dnsjackport = port;
 return 0;
 }
+ case KERN_SEEOTHERUIDS: {
+ if (securelevel > 0)
+ return (sysctl_rdint(oldp, oldlenp, newp,
+ seeotheruids));
+ return (sysctl_int(oldp, oldlenp, newp, newlen,
+ &seeotheruids));
+ }
 default:
 return (EOPNOTSUPP);
 }
@@ -1427,7 +1435,8 @@ sysctl_doproc(int *name, u_int namelen,
 int arg, buflen, doingzomb, elem_size, elem_count;
 int error, needed, op;
 int dothreads = 0;
- int show_pointers;
+ int is_suser, show_pointers, show_otheruids;
+ uid_t euid;

 dp = where;
 buflen = where != NULL ? *sizep : 0;
@@ -1444,7 +1453,10 @@ sysctl_doproc(int *name, u_int namelen,
 dothreads = op & KERN_PROC_SHOW_THREADS;
 op &= ~KERN_PROC_SHOW_THREADS;

- show_pointers = suser(curproc, 0) == 0;
+ is_suser = suser(curproc, 0) == 0;
+ show_pointers = is_suser;
+ show_otheruids = seeotheruids || is_suser;
+ euid = curproc->p_ucred->cr_uid;

 if (where != NULL)
 kproc = malloc(sizeof(*kproc), M_TEMP, M_WAITOK);
@@ -1461,6 +1473,9 @@ again:
 * Skip embryonic processes.
 */
 if (pr->ps_flags & PS_EMBRYO)
+ continue;
+
+ if (!show_otheruids && pr->ps_ucred->cr_uid != euid)
 continue;

 /*
Index: sys/sys/sysctl.h
===================================================================
RCS file: /cvs/src/sys/sys/sysctl.h,v
retrieving revision 1.170
diff -u -p -u -r1.170 sysctl.h
--- sys/sys/sysctl.h 7 Nov 2016 00:26:32 -0000 1.170
+++ sys/sys/sysctl.h 4 Dec 2016 20:43:55 -0000
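Review bot: The securelevel guard in the new `case KERN_SEEOTHERUIDS:` arm of kern_sysctl makes the knob read-only in both directions once securelevel > 0, so an administrator cannot tighten it (set it to 0) on a running system either, only from sysctl.conf before the securelevel is raised, and nothing in the code or in the sysctl.8 entry later in this patch says so. A one-line comment on the case, e.g. `/* read-only at securelevel > 0: set from sysctl.conf before the securelevel is raised */`, and a matching remark in the man page would close that gap. The braces around the case body enclose no declarations and can be dropped: `case KERN_SEEOTHERUIDS:` / `if (securelevel > 0)` / `return (sysctl_rdint(oldp, oldlenp, newp, seeotheruids));`. The enclosing switch in kern_sysctl continues outside the hunk.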
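Review bot: The visibility test keys on `curproc->p_ucred->cr_uid` here and on `pr->ps_ucred->cr_uid` in the following hunk, which, if cr_uid is the effective uid as the `euid` name suggests, means a set-uid process a user started is hidden from that user while any process that merely shares an effective uid is shown. As far as I recall FreeBSD's see_other_uids compares real uids, so if the thread's "similar to FreeBSD" intent holds the assignment should be `euid = curproc->p_ucred->cr_ruid;` with the matching `cr_ruid` in the filter; either way the chosen identity deserves a comment such as `/* visibility is decided on the effective uid, not the real uid */`. The variable should then be renamed to match whichever identity is used. sysctl_doproc's body continues beyond the hunk.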
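Review bot: The new uid filter in sysctl_doproc only applies to this enumeration loop, so the knob limits what a ps(1)-style listing returns rather than gating the other kern.proc_* nodes handled in this file that look up a single pid (KERN_PROC_ARGS, proc_vmmap and friends); if the intent is the FreeBSD-style policy described in the thread, those paths need the same `show_otheruids` check, otherwise the man page should state the narrower scope. A short comment above the new test, e.g. `/* kern.see_other_uids=0: non-root callers see only their own processes */`, would make the policy visible at the point where it is enforced. The loop continues beyond the hunk.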
@@ -184,7 +184,8 @@ struct ctlname {
 #define KERN_GLOBAL_PTRACE 81 /* allow ptrace globally */
 #define KERN_CONSBUFSIZE 82 /* int: console message buffer size */
 #define KERN_CONSBUF 83 /* console message buffer */
-#define KERN_MAXID 84 /* number of valid kern ids */
+#define KERN_SEEOTHERUIDS 84 /* see other users' proceesses */
+#define KERN_MAXID 85 /* number of valid kern ids */

 #define CTL_KERN_NAMES { \
 { 0, 0 }, \
@@ -269,6 +270,9 @@ struct ctlname {
 { "proc_nobroadcastkill", CTLTYPE_NODE }, \
 { "proc_vmmap", CTLTYPE_NODE }, \
 { "global_ptrace", CTLTYPE_INT }, \
+ { "gap", 0 }, \
+ { "gap", 0 }, \
+ { "see_other_uids", CTLTYPE_INT }, \
 }

 /*
Index: sbin/sysctl/sysctl.8
===================================================================
RCS file: /cvs/src/sbin/sysctl/sysctl.8,v
retrieving revision 1.208
diff -u -p -u -r1.208 sysctl.8
--- sbin/sysctl/sysctl.8 15 Oct 2016 14:43:53 -0000 1.208
+++ sbin/sysctl/sysctl.8 5 Dec 2016 02:04:52 -0000
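Review bot: The comment on the new define has a typo; it should read `#define KERN_SEEOTHERUIDS 84 /* see other users' processes */`. In the second hunk the two `{ "gap", 0 }` entries exist only to pad ids 82 and 83 (KERN_CONSBUFSIZE and KERN_CONSBUF, which have no name entries) so that `see_other_uids` lands at index 84; a trailing comment on the first of them naming the ids they stand in for would spare the next reader from counting entries.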
@@ -194,6 +194,7 @@ and a few require a kernel compiled with
 .It kern.wxabort Ta integer Ta yes
 .It kern.consdev Ta string Ta no
 .It kern.global_ptrace Ta integer Ta yes
+.It kern.see_other_uids Ta integer Ta yes
 .It vm.vmmeter Ta struct Ta no
 .It vm.loadavg Ta struct Ta no
 .It vm.psstrings Ta struct Ta no
On Mon, Dec 05, 2016 at 08:55:19AM +0800, Michael W. Bombardieri wrote: > Should this patch also add see_other_uids in sysctl(8) manual? > > On Sun, Dec 04, 2016 at 07:49:12PM -0500, Ian Walker wrote: > > (( Resending my last from a client that (hopefully) won't mangle the email. > > Sorry about the noise, folks. )) > > > > > > Hello OpenBSD Community - > > > > OpenBSD should have the ability to prevent users from seeing each other's > > processes even if this ability is disabled by default. > > In addition to the small security benefit this provides, it also affords > > each user a much greater amount of privacy. Linux and > > FreeBSD already support similar features ( > > https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/ && > > https://www.cyberciti.biz/faq/freebsd-disable-ps-sockstat-command-information-leakage/ > > ) and the implementation itself is fairly > > trivial. > > > > Below is a patch which implements basic process hiding for non-superusers > > and is activated with a sysctl knob. Similar to that of > > FreeBSD it is called "kern.see_other_uids¨. The idea is that if process > > spying is a security or privacy concern for you, you > > would add "kern.see_other_uids=0" to sysctl.conf and reboot (assuming > > securelevel > 0). > > > > I look forward to your comments. 
> >
> > Thanks and cheers all -
> > Ian Walker
> >
> >
> >
> > Index: sys/kern/kern_sysctl.c
> > ===================================================================
> > RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
> > retrieving revision 1.320
> > diff -u -p -u -r1.320 kern_sysctl.c
> > --- sys/kern/kern_sysctl.c 11 Nov 2016 18:59:09 -0000 1.320
> > +++ sys/kern/kern_sysctl.c 4 Dec 2016 20:43:53 -0000
> > @@ -263,6 +263,7 @@ size_t disknameslen;
> > struct diskstats *diskstats = NULL;
> > size_t diskstatslen;
> > int securelevel;
> > +int seeotheruids = 1; /* on by default */
> >
> > /*
> > * kernel related system variables.
> > @@ -632,6 +633,13 @@ kern_sysctl(int *name, u_int namelen, vo
> > dnsjackport = port;
> > return 0;
> > }
> > + case KERN_SEEOTHERUIDS: {
> > + if (securelevel > 0)
> > + return (sysctl_rdint(oldp, oldlenp, newp,
> > + seeotheruids));
> > + return (sysctl_int(oldp, oldlenp, newp, newlen,
> > + &seeotheruids));
> > + }
> > default:
> > return (EOPNOTSUPP);
> > }
> > @@ -1427,7 +1435,8 @@ sysctl_doproc(int *name, u_int namelen,
> > int arg, buflen, doingzomb, elem_size, elem_count;
> > int error, needed, op;
> > int dothreads = 0;
> > - int show_pointers;
> > + int is_suser, show_pointers, show_otheruids;
> > + uid_t euid;
> >
> > dp = where;
> > buflen = where != NULL ? *sizep : 0;
> > @@ -1444,7 +1453,10 @@ sysctl_doproc(int *name, u_int namelen,
> > dothreads = op & KERN_PROC_SHOW_THREADS;
> > op &= ~KERN_PROC_SHOW_THREADS;
> >
> > - show_pointers = suser(curproc, 0) == 0;
> > + is_suser = suser(curproc, 0) == 0;
> > + show_pointers = is_suser;
> > + show_otheruids = seeotheruids || is_suser;
> > + euid = curproc->p_ucred->cr_uid;
> >
> > if (where != NULL)
> > kproc = malloc(sizeof(*kproc), M_TEMP, M_WAITOK);
> > @@ -1461,6 +1473,9 @@ again:
> > * Skip embryonic processes.
> > */
> > if (pr->ps_flags & PS_EMBRYO)
> > + continue;
> > +
> > + if (!show_otheruids && pr->ps_ucred->cr_uid != euid)
> > continue;
> >
> > /*
> > Index: sys/sys/sysctl.h
> > ===================================================================
> > RCS file: /cvs/src/sys/sys/sysctl.h,v
> > retrieving revision 1.170
> > diff -u -p -u -r1.170 sysctl.h
> > --- sys/sys/sysctl.h 7 Nov 2016 00:26:32 -0000 1.170
> > +++ sys/sys/sysctl.h 4 Dec 2016 20:43:55 -0000
> > @@ -184,7 +184,8 @@ struct ctlname {
> > #define KERN_GLOBAL_PTRACE 81 /* allow ptrace globally */
> > #define KERN_CONSBUFSIZE 82 /* int: console message buffer size */
> > #define KERN_CONSBUF 83 /* console message buffer */
> > -#define KERN_MAXID 84 /* number of valid kern ids */
> > +#define KERN_SEEOTHERUIDS 84 /* see other users' proceesses */
> > +#define KERN_MAXID 85 /* number of valid kern ids */
> >
> > #define CTL_KERN_NAMES { \
> > { 0, 0 }, \
> > @@ -269,6 +270,9 @@ struct ctlname {
> > { "proc_nobroadcastkill", CTLTYPE_NODE }, \
> > { "proc_vmmap", CTLTYPE_NODE }, \
> > { "global_ptrace", CTLTYPE_INT }, \
> > + { "gap", 0 }, \
> > + { "gap", 0 }, \
> > + { "see_other_uids", CTLTYPE_INT }, \
> > }
> >
> > /*
> > >