root can't see non-root command line options in ps

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

root can't see non-root command line options in ps

Postby tomalok » Fri Mar 28, 2003 2:02 pm

kernel 2.4.20, grsecurity 1.9.9d (lots of address space protection, no acl, filesystem protections (proc user vs. group or with/without additional restrictions doesn't seem to matter), sysctl support)...

apparently, root can't see command line options via ps, (and can't strace either) which is a bit disconcerting... i kind of like to see what users may be up to... commands in ps are enclosed via []...

is there a way to turn this feature off for the root user?
tomalok
 
Posts: 3
Joined: Fri Mar 28, 2003 1:50 pm

Postby spender » Fri Mar 28, 2003 4:48 pm

The processes in [] is due to the ptrace patch included in 1.9.9d. Since the same patch has been submitted for inclusion in 2.4.21-pre6, it will be the same way in 2.4.21. As for not being able to see command lines of non-root processes, it's not related to grsecurity. Maybe you could paste the output of ls -al on /proc. It could be another effect of the ptrace patch.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby tomalok » Fri Mar 28, 2003 5:46 pm

i can confirm that this behavior is also happening in a ptrace-patched 2.4.20 kernel (without grsecurity)... so, it's not a problem with grsecurity then.

the ptrace patch seems to have inadvertently opened up a new possibility for those who want to "discreetly" run things from their account... all they have to do is rename the binary to something that won't draw suspicion, and set it running. they don't even have to worry about matching the command line options, and we'll never be able to ptrace it to see what they're up to... :(
tomalok
 
Posts: 3
Joined: Fri Mar 28, 2003 1:50 pm


Return to grsecurity support