Hello OpenBSD Community -

OpenBSD should have the ability to prevent users from seeing each other's 
processes, even if that ability is disabled by default. Besides the modest 
security benefit (less for a local attacker to enumerate), it gives each user 
considerably more privacy. Linux and FreeBSD already support similar features — see 
https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/ and 
https://www.cyberciti.biz/faq/freebsd-disable-ps-sockstat-command-information-leakage/ 
— and the implementation itself is fairly trivial.
Below is a patch which implements basic process hiding for non-superusers, 
activated with a sysctl knob. Following FreeBSD's naming, it is called 
"kern.see_other_uids". The idea is that if process spying is a security or 
privacy concern for you, you add "kern.see_other_uids=0" to /etc/sysctl.conf 
and reboot: the knob becomes read-only once securelevel is raised above 0, so 
it has to be set at boot, from sysctl.conf, while securelevel is still 0.
I look forward to your comments.

Thanks and cheers all -Ian Walker

Index: sys/kern/kern_sysctl.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
retrieving revision 1.320
diff -u -p -u -r1.320 kern_sysctl.c
--- sys/kern/kern_sysctl.c    11 Nov 2016 18:59:09 -0000    1.320
+++ sys/kern/kern_sysctl.c    4 Dec 2016 20:43:53 -0000
@@ -263,6 +263,7 @@ size_t disknameslen;
 struct diskstats *diskstats = NULL;
 size_t diskstatslen;
 int securelevel;
+int seeotheruids = 1; /* on by default */
 
 /*
  * kernel related system variables.
@@ -632,6 +633,13 @@ kern_sysctl(int *name, u_int namelen, vo
         dnsjackport = port;
         return 0;
     }
+    case KERN_SEEOTHERUIDS: {
+        if (securelevel > 0)
+            return (sysctl_rdint(oldp, oldlenp, newp,
+                seeotheruids));
+        return (sysctl_int(oldp, oldlenp, newp, newlen,
+            &seeotheruids));
+    }
     default:
         return (EOPNOTSUPP);
     }
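Review bot: At securelevel > 0 the new case makes the knob read-only in both directions, so an administrator cannot tighten a running system from 1 to 0 without a reboot, even though hiding processes can only reduce what non-root callers learn. It also stores whatever integer sysctl_int() is handed, so `kern.see_other_uids=7` reads back as 7 although it is treated as a boolean in sysctl_doproc. Consider reading the new value into a local, normalising it to 0/1 and rejecting only an increase while securelevel is raised, as sketched below (the local `err` avoids assuming a name for kern_sysctl's own error variable, which is outside the hunk).
```c
    case KERN_SEEOTHERUIDS: {
        int val = seeotheruids, err;

        if ((err = sysctl_int(oldp, oldlenp, newp, newlen, &val)))
            return (err);
        val = (val != 0);
        /* once securelevel is raised the knob may only be tightened */
        if (securelevel > 0 && val > seeotheruids)
            return (EPERM);
        seeotheruids = val;
        return (0);
    }
```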
@@ -1427,7 +1435,8 @@ sysctl_doproc(int *name, u_int namelen, 
     int arg, buflen, doingzomb, elem_size, elem_count;
     int error, needed, op;
     int dothreads = 0;
-    int show_pointers;
+    int is_suser, show_pointers, show_otheruids;
+    uid_t euid;
 
     dp = where;
     buflen = where != NULL ? *sizep : 0;
@@ -1444,7 +1453,10 @@ sysctl_doproc(int *name, u_int namelen, 
     dothreads = op & KERN_PROC_SHOW_THREADS;
     op &= ~KERN_PROC_SHOW_THREADS;
 
-    show_pointers = suser(curproc, 0) == 0;
+    is_suser = suser(curproc, 0) == 0;
+    show_pointers = is_suser;
+    show_otheruids = seeotheruids || is_suser;
+    euid = curproc->p_ucred->cr_uid;
 
     if (where != NULL)
         kproc = malloc(sizeof(*kproc), M_TEMP, M_WAITOK);
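Review bot: The caller's identity is taken from `curproc->p_ucred->cr_uid`, i.e. the effective uid, and the filter further down compares it against each process's effective uid as well; FreeBSD's equivalent knob, as far as I recall, compares real uids, so a set-id helper run by a user would be classified differently here. Whichever is intended should be stated next to the assignment, e.g. `/* compare effective uids: a set-id caller sees the target uid's processes, not the invoker's */`, so the choice is deliberate rather than accidental. The enclosing sysctl_doproc() begins before this hunk, so I cannot see whether `euid` is used anywhere else.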
@@ -1461,6 +1473,9 @@ again:
          * Skip embryonic processes.
          */
         if (pr->ps_flags & PS_EMBRYO)
+            continue;
+
+        if (!show_otheruids && pr->ps_ucred->cr_uid != euid)
             continue;
 
         /*
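Review bot: The new `continue` only filters the process list that sysctl_doproc() walks, so the knob hides processes from ps(1)-style listings but, unless the other KERN_PROC_* nodes are filtered too, a user who guesses a pid can presumably still query that process through them (the sysctl.h hunk shows `proc_vmmap` and `proc_nobroadcastkill` nodes, and the argument/cwd lookups are not touched by this patch). That limitation is worth documenting at the check so nobody treats see_other_uids=0 as full isolation, e.g. `/* kern.see_other_uids=0: unprivileged callers list only processes with their own uid; other KERN_PROC_* nodes are not filtered here */`. The loop and sysctl_doproc() itself extend outside this hunk.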
Index: sys/sys/sysctl.h
===================================================================
RCS file: /cvs/src/sys/sys/sysctl.h,v
retrieving revision 1.170
diff -u -p -u -r1.170 sysctl.h
--- sys/sys/sysctl.h    7 Nov 2016 00:26:32 -0000    1.170
+++ sys/sys/sysctl.h    4 Dec 2016 20:43:55 -0000
@@ -184,7 +184,8 @@ struct ctlname {
 #define    KERN_GLOBAL_PTRACE    81    /* allow ptrace globally */
 #define    KERN_CONSBUFSIZE    82    /* int: console message buffer size */
 #define    KERN_CONSBUF        83    /* console message buffer */
-#define    KERN_MAXID        84    /* number of valid kern ids */
+#define    KERN_SEEOTHERUIDS    84    /* see other users' proceesses */
+#define    KERN_MAXID        85    /* number of valid kern ids */
 
 #define    CTL_KERN_NAMES { \
     { 0, 0 }, \
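Review bot: The comment on the new `KERN_SEEOTHERUIDS` define has a typo ("proceesses") and drops the `int:` type prefix its neighbours use, e.g. `KERN_CONSBUFSIZE 82 /* int: console message buffer size */`. Suggest `#define KERN_SEEOTHERUIDS 84 /* int: non-root may see other users' processes */`, which also records that the knob is an integer boolean gating non-root callers only.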
@@ -269,6 +270,9 @@ struct ctlname {
     { "proc_nobroadcastkill", CTLTYPE_NODE }, \
     { "proc_vmmap", CTLTYPE_NODE }, \
     { "global_ptrace", CTLTYPE_INT }, \
+    { "gap", 0 }, \
+    { "gap", 0 }, \
+    { "see_other_uids", CTLTYPE_INT }, \
 }
 
 /*
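Review bot: The two `{ "gap", 0 }` placeholders are needed to keep the name table aligned with the new id 84, but nothing says which ids they stand for, and the next person to add a name for 82 or 83 has to count entries to find out. Annotate each placeholder with the id it occupies, e.g. `{ "gap", 0 }, /* KERN_CONSBUFSIZE (82) */` and `{ "gap", 0 }, /* KERN_CONSBUF (83) */`, matching the defines shown in the previous hunk. The mapping of those two ids to the unnamed slots is inferred from the defines, not shown by the table itself, so please confirm it before copying the comments.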
