Re: Authorization without permanent setuid on helper
Re: Authorization without permanent setuid on helper
- Subject: Re: Authorization without permanent setuid on helper
- From: John Davidorff Pell <email@hidden>
- Date: Fri, 21 Jan 2005 21:16:06 -0800
Actually, ps on Mac OS X works at about 90% without the setuid bit. Try
making a copy of it on your desktop, without the setuid bit set, and
run it. It will look identical to output from the on in /bin. Add the
flags "aux" and it will only fail to report about command line
arguments and certain stats for non-current-user processes.
Also, I'd like to point out that the last 10% is missing only because
the BSD security model inherited from long ago is in need of some
updating. Certain kernel structures ought to be exposed to user-space,
such as most of what ps needs. (Some of it ought to stay hidden tough,
and ps shouldn't be apple to report it to random users, such as
command-line-args. There are some apple-supplied tools that require
your password specified on the command line! I think some of the
kerberos admin tools do, I forget its been a while.)
JP
On 21 Jan 2005, at 20:59, Andrew Farmer wrote:
On 21 Jan 2005, at 20:48, John Davidorff Pell wrote:
There is no need to be root to get a process list
Only on Linux is this true (thanks to /proc). Mac OS X and most BSDs
require that `ps' be suid so that it can poke around in kernel
structures.
--
if (message.signature==FUNNY) steal(message.signature); else
message=message->next;
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden