Re: KERNEL PATCH: add process hiding (fixed)
Thanks, Michael. Leave it to me to forget to update the documentation.. Here's the patch with the manpage change: Index: sys/kern/kern_sysctl.c === RCS file: /cvs/src/sys/kern/kern_sysctl.c,v retrieving revision 1.320 diff -u -p -u -r1.320 kern_sysctl.c --- sys/kern/kern_sysctl.c 11 Nov 2016 18:59:09 - 1.320 +++ sys/kern/kern_sysctl.c 4 Dec 2016 20:43:53 - @@ -263,6 +263,7 @@ size_t disknameslen; struct diskstats *diskstats = NULL; size_t diskstatslen; int securelevel; +int seeotheruids = 1; /* on by default */ /* * kernel related system variables. @@ -632,6 +633,13 @@ kern_sysctl(int *name, u_int namelen, vo dnsjackport = port; return 0; } + case KERN_SEEOTHERUIDS: { + if (securelevel > 0) + return (sysctl_rdint(oldp, oldlenp, newp, + seeotheruids)); + return (sysctl_int(oldp, oldlenp, newp, newlen, + )); + } default: return (EOPNOTSUPP); } @@ -1427,7 +1435,8 @@ sysctl_doproc(int *name, u_int namelen, int arg, buflen, doingzomb, elem_size, elem_count; int error, needed, op; int dothreads = 0; - int show_pointers; + int is_suser, show_pointers, show_otheruids; + uid_t euid; dp = where; buflen = where != NULL ? *sizep : 0; @@ -1444,7 +1453,10 @@ sysctl_doproc(int *name, u_int namelen, dothreads = op & KERN_PROC_SHOW_THREADS; op &= ~KERN_PROC_SHOW_THREADS; - show_pointers = suser(curproc, 0) == 0; + is_suser = suser(curproc, 0) == 0; + show_pointers = is_suser; + show_otheruids = seeotheruids || is_suser; + euid = curproc->p_ucred->cr_uid; if (where != NULL) kproc = malloc(sizeof(*kproc), M_TEMP, M_WAITOK); @@ -1461,6 +1473,9 @@ again: * Skip embryonic processes. */ if (pr->ps_flags & PS_EMBRYO) + continue; + + if (!show_otheruids && pr->ps_ucred->cr_uid != euid) continue; /* Index: sys/sys/sysctl.h === RCS file: /cvs/src/sys/sys/sysctl.h,v retrieving revision 1.170 diff -u -p -u -r1.170 sysctl.h --- sys/sys/sysctl.h7 Nov 2016 00:26:32 - 1.170 +++ sys/sys/sysctl.h4 Dec 2016 20:43:55 - @@ -184,7 +184,8 @@ struct ctlname { #defineKERN_GLOBAL_PTRACE 81 /* allow ptrace globally */ #defineKERN_CONSBUFSIZE82 /* int: console message buffer size */ #defineKERN_CONSBUF83 /* console message buffer */ -#defineKERN_MAXID 84 /* number of valid kern ids */ +#defineKERN_SEEOTHERUIDS 84 /* see other users' proceesses */ +#defineKERN_MAXID 85 /* number of valid kern ids */ #defineCTL_KERN_NAMES { \ { 0, 0 }, \ @@ -269,6 +270,9 @@ struct ctlname { { "proc_nobroadcastkill", CTLTYPE_NODE }, \ { "proc_vmmap", CTLTYPE_NODE }, \ { "global_ptrace", CTLTYPE_INT }, \ + { "gap", 0 }, \ + { "gap", 0 }, \ + { "see_other_uids", CTLTYPE_INT }, \ } /* Index: sbin/sysctl/sysctl.8 === RCS file: /cvs/src/sbin/sysctl/sysctl.8,v retrieving revision 1.208 diff -u -p -u -r1.208 sysctl.8 --- sbin/sysctl/sysctl.815 Oct 2016 14:43:53 - 1.208 +++ sbin/sysctl/sysctl.85 Dec 2016 02:04:52 - @@ -194,6 +194,7 @@ and a few require a kernel compiled with .It kern.wxabort Ta integer Ta yes .It kern.consdev Ta string Ta no .It kern.global_ptrace Ta integer Ta yes +.It kern.see_other_uids Ta integer Ta yes .It vm.vmmeter Ta struct Ta no .It vm.loadavg Ta struct Ta no .It vm.psstrings Ta struct Ta no On Mon, Dec 05, 2016 at 08:55:19AM +0800, Michael W. Bombardieri wrote: > Should this patch also add see_other_uids in sysctl(8) manual? > > On Sun, Dec 04, 2016 at 07:49:12PM -0500, Ian Walker wrote: > > (( Resending my last from a client that (hopefully) won't mangle the email. > >Sorry about the noise, folks. )) > > > > > > Hello OpenBSD Community - > > > > OpenBSD should have the ability to prevent users from seeing each other's > > processes even if this ability is disabled by default. > > In addition to the small security benefit this provides, it also affords > > each user a much greater amount of privacy. Linux and > > FreeBSD already support similar features ( > > https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/ && > > https://www.cyberciti.biz/faq/freebsd-disable-ps-sockstat-command-information-leakage/ > > ) and the implementation itself is fairly > > trivial. > > > > Below is a patch which implements
Re: KERNEL PATCH: add process hiding (fixed)
Should this patch also add see_other_uids in sysctl(8) manual? On Sun, Dec 04, 2016 at 07:49:12PM -0500, Ian Walker wrote: > (( Resending my last from a client that (hopefully) won't mangle the email. >Sorry about the noise, folks. )) > > > Hello OpenBSD Community - > > OpenBSD should have the ability to prevent users from seeing each other's > processes even if this ability is disabled by default. > In addition to the small security benefit this provides, it also affords each > user a much greater amount of privacy. Linux and > FreeBSD already support similar features ( > https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/ && > https://www.cyberciti.biz/faq/freebsd-disable-ps-sockstat-command-information-leakage/ > ) and the implementation itself is fairly > trivial. > > Below is a patch which implements basic process hiding for non-superusers and > is activated with a sysctl knob. Similar to that of > FreeBSD it is called "kern.see_other_uids??. The idea is that if process > spying is a security or privacy concern for you, you > would add "kern.see_other_uids=0" to sysctl.conf and reboot (assuming > securelevel > 0). > > I look forward to your comments. > > Thanks and cheers all - > Ian Walker > > > > Index: sys/kern/kern_sysctl.c > === > RCS file: /cvs/src/sys/kern/kern_sysctl.c,v > retrieving revision 1.320 > diff -u -p -u -r1.320 kern_sysctl.c > --- sys/kern/kern_sysctl.c11 Nov 2016 18:59:09 -1.320 > +++ sys/kern/kern_sysctl.c4 Dec 2016 20:43:53 - > @@ -263,6 +263,7 @@ size_t disknameslen; > struct diskstats *diskstats = NULL; > size_t diskstatslen; > int securelevel; > +int seeotheruids = 1; /* on by default */ > > /* > * kernel related system variables. > @@ -632,6 +633,13 @@ kern_sysctl(int *name, u_int namelen, vo > dnsjackport = port; > return 0; > } > +case KERN_SEEOTHERUIDS: { > +if (securelevel > 0) > +return (sysctl_rdint(oldp, oldlenp, newp, > +seeotheruids)); > +return (sysctl_int(oldp, oldlenp, newp, newlen, > +)); > +} > default: > return (EOPNOTSUPP); > } > @@ -1427,7 +1435,8 @@ sysctl_doproc(int *name, u_int namelen, > int arg, buflen, doingzomb, elem_size, elem_count; > int error, needed, op; > int dothreads = 0; > -int show_pointers; > +int is_suser, show_pointers, show_otheruids; > +uid_t euid; > > dp = where; > buflen = where != NULL ? *sizep : 0; > @@ -1444,7 +1453,10 @@ sysctl_doproc(int *name, u_int namelen, > dothreads = op & KERN_PROC_SHOW_THREADS; > op &= ~KERN_PROC_SHOW_THREADS; > > -show_pointers = suser(curproc, 0) == 0; > +is_suser = suser(curproc, 0) == 0; > +show_pointers = is_suser; > +show_otheruids = seeotheruids || is_suser; > +euid = curproc->p_ucred->cr_uid; > > if (where != NULL) > kproc = malloc(sizeof(*kproc), M_TEMP, M_WAITOK); > @@ -1461,6 +1473,9 @@ again: > * Skip embryonic processes. > */ > if (pr->ps_flags & PS_EMBRYO) > +continue; > + > +if (!show_otheruids && pr->ps_ucred->cr_uid != euid) > continue; > > /* > Index: sys/sys/sysctl.h > === > RCS file: /cvs/src/sys/sys/sysctl.h,v > retrieving revision 1.170 > diff -u -p -u -r1.170 sysctl.h > --- sys/sys/sysctl.h7 Nov 2016 00:26:32 -1.170 > +++ sys/sys/sysctl.h4 Dec 2016 20:43:55 - > @@ -184,7 +184,8 @@ struct ctlname { > #defineKERN_GLOBAL_PTRACE81/* allow ptrace globally */ > #defineKERN_CONSBUFSIZE82/* int: console message buffer size */ > #defineKERN_CONSBUF83/* console message buffer */ > -#defineKERN_MAXID84/* number of valid kern ids */ > +#defineKERN_SEEOTHERUIDS84/* see other users' proceesses */ > +#defineKERN_MAXID85/* number of valid kern ids */ > > #defineCTL_KERN_NAMES { \ > { 0, 0 }, \ > @@ -269,6 +270,9 @@ struct ctlname { > { "proc_nobroadcastkill", CTLTYPE_NODE }, \ > { "proc_vmmap", CTLTYPE_NODE }, \ > { "global_ptrace", CTLTYPE_INT }, \ > +{ "gap", 0 }, \ > +{ "gap", 0 }, \ > +{ "see_other_uids", CTLTYPE_INT }, \ > } > > /* >
Re: doas.conf(5): clarify args
Ingo Schwarze wrote: > Hi, > > Anton Lindqvist wrote on Fri, Dec 02, 2016 at 10:40:16AM +0100: > > > Make it clear that args is a keyword followed by zero or more arguments. > > Your argument makes sense to me, we generally don't use "..." > to imply a preceding .Ar, but we use it to indicate that the > preceding .Ar can be repeated. So yes, this may be confusing. > > > Unfortunately, the grammar format no longer fits on a single line even > > with the offset removed. > > That is ugly indeed and makes the overview line harder to read. > > I think we can avoid the confusion by being more explicit in the > description, but keep the overview concise. > > Any OKs for the following version? i guess. What does No do? I don't see any difference. I definitely would prefer to avoid long strings of ]].
KERNEL PATCH: add process hiding (fixed)
(( Resending my last from a client that (hopefully) won't mangle the email. Sorry about the noise, folks. )) Hello OpenBSD Community - OpenBSD should have the ability to prevent users from seeing each other's processes even if this ability is disabled by default. In addition to the small security benefit this provides, it also affords each user a much greater amount of privacy. Linux and FreeBSD already support similar features ( https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/ && https://www.cyberciti.biz/faq/freebsd-disable-ps-sockstat-command-information-leakage/ ) and the implementation itself is fairly trivial. Below is a patch which implements basic process hiding for non-superusers and is activated with a sysctl knob. Similar to that of FreeBSD it is called "kern.see_other_uids¨. The idea is that if process spying is a security or privacy concern for you, you would add "kern.see_other_uids=0" to sysctl.conf and reboot (assuming securelevel > 0). I look forward to your comments. Thanks and cheers all - Ian Walker Index: sys/kern/kern_sysctl.c === RCS file: /cvs/src/sys/kern/kern_sysctl.c,v retrieving revision 1.320 diff -u -p -u -r1.320 kern_sysctl.c --- sys/kern/kern_sysctl.c11 Nov 2016 18:59:09 -1.320 +++ sys/kern/kern_sysctl.c4 Dec 2016 20:43:53 - @@ -263,6 +263,7 @@ size_t disknameslen; struct diskstats *diskstats = NULL; size_t diskstatslen; int securelevel; +int seeotheruids = 1; /* on by default */ /* * kernel related system variables. @@ -632,6 +633,13 @@ kern_sysctl(int *name, u_int namelen, vo dnsjackport = port; return 0; } +case KERN_SEEOTHERUIDS: { +if (securelevel > 0) +return (sysctl_rdint(oldp, oldlenp, newp, +seeotheruids)); +return (sysctl_int(oldp, oldlenp, newp, newlen, +)); +} default: return (EOPNOTSUPP); } @@ -1427,7 +1435,8 @@ sysctl_doproc(int *name, u_int namelen, int arg, buflen, doingzomb, elem_size, elem_count; int error, needed, op; int dothreads = 0; -int show_pointers; +int is_suser, show_pointers, show_otheruids; +uid_t euid; dp = where; buflen = where != NULL ? *sizep : 0; @@ -1444,7 +1453,10 @@ sysctl_doproc(int *name, u_int namelen, dothreads = op & KERN_PROC_SHOW_THREADS; op &= ~KERN_PROC_SHOW_THREADS; -show_pointers = suser(curproc, 0) == 0; +is_suser = suser(curproc, 0) == 0; +show_pointers = is_suser; +show_otheruids = seeotheruids || is_suser; +euid = curproc->p_ucred->cr_uid; if (where != NULL) kproc = malloc(sizeof(*kproc), M_TEMP, M_WAITOK); @@ -1461,6 +1473,9 @@ again: * Skip embryonic processes. */ if (pr->ps_flags & PS_EMBRYO) +continue; + +if (!show_otheruids && pr->ps_ucred->cr_uid != euid) continue; /* Index: sys/sys/sysctl.h === RCS file: /cvs/src/sys/sys/sysctl.h,v retrieving revision 1.170 diff -u -p -u -r1.170 sysctl.h --- sys/sys/sysctl.h7 Nov 2016 00:26:32 -1.170 +++ sys/sys/sysctl.h4 Dec 2016 20:43:55 - @@ -184,7 +184,8 @@ struct ctlname { #defineKERN_GLOBAL_PTRACE81/* allow ptrace globally */ #defineKERN_CONSBUFSIZE82/* int: console message buffer size */ #defineKERN_CONSBUF83/* console message buffer */ -#defineKERN_MAXID84/* number of valid kern ids */ +#defineKERN_SEEOTHERUIDS84/* see other users' proceesses */ +#defineKERN_MAXID85/* number of valid kern ids */ #defineCTL_KERN_NAMES { \ { 0, 0 }, \ @@ -269,6 +270,9 @@ struct ctlname { { "proc_nobroadcastkill", CTLTYPE_NODE }, \ { "proc_vmmap", CTLTYPE_NODE }, \ { "global_ptrace", CTLTYPE_INT }, \ +{ "gap", 0 }, \ +{ "gap", 0 }, \ +{ "see_other_uids", CTLTYPE_INT }, \ } /*
KERNEL PATCH: add process hiding
Hello OpenBSD Community - OpenBSD should have the ability to prevent users from seeing each other's processes even if this ability is disabled by default. In addition to the small security benefit this provides, it also affords each user a much greater amount of privacy. Linux and FreeBSD already support similar features ( https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/ && https://www.cyberciti.biz/faq/freebsd-disable-ps-sockstat-command-information-leakage/ ) and the implementation itself is fairly trivial. Below is a patch which implements basic process hiding for non-superusers and is activated with a sysctl knob. Similar to that of FreeBSD it is called "kern.see_other_uids¨. The idea is that if process spying is a security or privacy concern for you, you would add "kern.see_other_uids=0" to sysctl.conf and reboot (assuming securelevel > 0). I look forward to your comments. Thanks and cheers all -Ian Walker Index: sys/kern/kern_sysctl.c === RCS file: /cvs/src/sys/kern/kern_sysctl.c,v retrieving revision 1.320 diff -u -p -u -r1.320 kern_sysctl.c --- sys/kern/kern_sysctl.c 11 Nov 2016 18:59:09 - 1.320 +++ sys/kern/kern_sysctl.c 4 Dec 2016 20:43:53 - @@ -263,6 +263,7 @@ size_t disknameslen; struct diskstats *diskstats = NULL; size_t diskstatslen; int securelevel; +int seeotheruids = 1; /* on by default */ /* * kernel related system variables. @@ -632,6 +633,13 @@ kern_sysctl(int *name, u_int namelen, vo dnsjackport = port; return 0; } + case KERN_SEEOTHERUIDS: { + if (securelevel > 0) + return (sysctl_rdint(oldp, oldlenp, newp, + seeotheruids)); + return (sysctl_int(oldp, oldlenp, newp, newlen, + )); + } default: return (EOPNOTSUPP); } @@ -1427,7 +1435,8 @@ sysctl_doproc(int *name, u_int namelen, int arg, buflen, doingzomb, elem_size, elem_count; int error, needed, op; int dothreads = 0; - int show_pointers; + int is_suser, show_pointers, show_otheruids; + uid_t euid; dp = where; buflen = where != NULL ? *sizep : 0; @@ -1444,7 +1453,10 @@ sysctl_doproc(int *name, u_int namelen, dothreads = op & KERN_PROC_SHOW_THREADS; op &= ~KERN_PROC_SHOW_THREADS; - show_pointers = suser(curproc, 0) == 0; + is_suser = suser(curproc, 0) == 0; + show_pointers = is_suser; + show_otheruids = seeotheruids || is_suser; + euid = curproc->p_ucred->cr_uid; if (where != NULL) kproc = malloc(sizeof(*kproc), M_TEMP, M_WAITOK); @@ -1461,6 +1473,9 @@ again: * Skip embryonic processes. */ if (pr->ps_flags & PS_EMBRYO) + continue; + + if (!show_otheruids && pr->ps_ucred->cr_uid != euid) continue; /* Index: sys/sys/sysctl.h === RCS file: /cvs/src/sys/sys/sysctl.h,v retrieving revision 1.170 diff -u -p -u -r1.170 sysctl.h --- sys/sys/sysctl.h 7 Nov 2016 00:26:32 - 1.170 +++ sys/sys/sysctl.h 4 Dec 2016 20:43:55 - @@ -184,7 +184,8 @@ struct ctlname { #define KERN_GLOBAL_PTRACE 81 /* allow ptrace globally */ #define KERN_CONSBUFSIZE 82 /* int: console message buffer size */ #define KERN_CONSBUF 83 /* console message buffer */ -#define KERN_MAXID 84 /* number of valid kern ids */ +#define KERN_SEEOTHERUIDS 84 /* see other users' proceesses */ +#define KERN_MAXID 85 /* number of valid kern ids */ #define CTL_KERN_NAMES { \ { 0, 0 }, \ @@ -269,6 +270,9 @@ struct ctlname { { "proc_nobroadcastkill", CTLTYPE_NODE }, \ { "proc_vmmap", CTLTYPE_NODE }, \ { "global_ptrace", CTLTYPE_INT }, \ + { "gap", 0 }, \ + { "gap", 0 }, \ + { "see_other_uids", CTLTYPE_INT }, \ } /*