Bugtraq: Re: ps information leak in FreeBSD

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: ps information leak in FreeBSD

From: Sean Kelly <smkelly () zombie org>
Date: Wed, 8 Jan 2003 10:39:03 -0600

On Tue, Jan 07, 2003 at 09:18:00AM +0000, Jez Hancock wrote:
...

It's annoying in that I see a lot of users running mysql with the -u and -p options:

mysql -u user -p mypassword

on the commandline, thinking that this info will not show up in ps listings when ps
is run by other users.  Ho hum...


As has already been pointed out, this is something that the application
should deal with. Despite this, FreeBSD also has a sysctl knob which will
protect against this.

(2) root:~$ sysctl kern.ps_argsopen=0
kern.ps_argsopen: 1 -> 0

This will prevent exactly the problem you describe, by making arguments not
viewable to other users (excluding root). IT also appears to take effect in
/proc, such as /proc/<pid>/cmdline.

This is present in FreeBSD 4.7-STABLE, at least.

-- 
Sean Kelly         | PGP KeyID: D2E5E296
smkelly () zombie org | http://www.zombie.org

Attachment: _bin
Description:

By Date By Thread

Current thread:

ps information leak in FreeBSD Cache (Jan 06)
- Re: ps information leak in FreeBSD Sean Kelly (Jan 06)
- Re: ps information leak in FreeBSD Jez Hancock (Jan 21)
  - Re: ps information leak in FreeBSD Sean Kelly (Jan 08)
  - Re: ps information leak in FreeBSD Crist J. Clark (Jan 21)
    - Re: ps information leak in FreeBSD Damien Miller (Jan 09)
    - Re: ps information leak in FreeBSD David M. Wilson (Jan 15)
- <Possible follow-ups>
- ps information leak in FreeBSD Cache (Jan 06)