LinuxQuestions.org


houler 04-25-2005 10:33 PM

confine the output of 'ps -aux' for a user?
 
I was wondering, is there a way to confine the output results of ps -aux?

I want to make it so that a user can only see his/her own processes and not other people's processes, no matter what 'ps' commands the user runs.

puffinman 04-25-2005 11:05 PM

I don't think this is possible, and even if it were, process information could still be gleaned directly from /proc. A kludge would be to write a wrapper program for ps which checks arguments and ensures only processes from the current user are printed. You could move ps to some other name, and have the new ps call the old one. If you wanted to make sure nobody called the old ps, set it executable for root only and then make the new ps suid root.

Disclaimer: I don't think the above is a good idea, I'm just saying how it could be done. Do this at your own risk. :tisk:

houler 04-25-2005 11:10 PM

Well, I have a shell account in 1and1.com which is running Linux (with grsecurity) and I found it interesting (cool beans) that the output of 'ps -aux' would only bring up processes the user is running (no root process or other user processes, just mine).

There has to be some easier way, cuz I don't know how to 'code' a wrapper program. :rolleyes:

Social Burn 04-25-2005 11:11 PM

Quote:

Originally posted by puffinman
I don't think this is possible, and even if it were, process information could still be gleaned directly from /proc. A kludge would be to write a wrapper program for ps which checks arguments and ensures only processes from the current user are printed. You could move ps to some other name, and have the new ps call the old one. If you wanted to make sure nobody called the old ps, set it executable for root only and then make the new ps suid root.

Disclaimer: I don't think the above is a good idea, I'm just saying how it could be done. Do this at your own risk. :tisk:

Of course it's possible.

I presume that it may not be worth the trouble it would probably take.

houler 04-25-2005 11:23 PM

Quote:

Originally posted by puffinman
I don't think this is possible, and even if it were, process information could still be gleaned directly from /proc. A kludge would be to write a wrapper program for ps which checks arguments and ensures only processes from the current user are printed. You could move ps to some other name, and have the new ps call the old one. If you wanted to make sure nobody called the old ps, set it executable for root only and then make the new ps suid root.

Disclaimer: I don't think the above is a good idea, I'm just saying how it could be done. Do this at your own risk. :tisk:


I found some patch info for this:

http://www.debianhowto.de/howtos/en/...rsecurity.html

puffinman 04-25-2005 11:33 PM

Quote:

There has to be some easier way, cuz I don't know how to 'code' a wrapper program. :rolleyes:

Well, a simple wrapper is very simple. For example, you can cripple ps by not allowing any options at all. Move ps to say, oldps, then make the new ps this:

Code:

#!/bin/sh
exec oldps

If you wanted to control it more than this, you would have to check each argument to see whether it provides more information than you want people to have, and pass the allowed arguments on to oldps in the exec. You would have to think about it carefully, because ps has a LOT of options.

houler 04-25-2005 11:40 PM

Quote:

Originally posted by puffinman
Well, a simple wrapper is very simple. For example, you can cripple ps by not allowing any options at all. Move ps to say, oldps, then make the new ps this:

Code:

#!/bin/sh
exec oldps

If you wanted to control it more than this, you would have to check each argument to see whether it provides more information than you want people to have, and pass the allowed arguments on to oldps in the exec. You would have to think about it carefully, because ps has a LOT of options.

Did a bit of googling, and you're right, it isn't worth the hassle. Someone could just download a binary of ps and put it in their home directory and execute it.


Where in /proc could I see process information?

puffinman 04-25-2005 11:44 PM

Quote:

Where in /proc could I see process information?

Try man proc.
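
The /proc point raised in this thread, as an added example (not code from any poster): each process has a `/proc/<pid>/status` file whose `Name:` and `Uid:` lines are readable without going through `ps`, so an admin can check directly whether a confinement such as the grsecurity setup mentioned above really hides other users' processes. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: list processes owned by someone else that are still
# visible through a procfs-style tree, independent of any ps wrapper.

# list_foreign_procs PROC_ROOT MY_UID
# Prints "pid<TAB>uid<TAB>name" for every numeric entry under PROC_ROOT
# whose real UID (first value on the "Uid:" line) differs from MY_UID.
list_foreign_procs() {
    proc_root=$1
    my_uid=$2
    for dir in "$proc_root"/[0-9]*; do
        status=$dir/status
        [ -r "$status" ] || continue   # exited, hidden, or no match for the glob
        uid=$(awk -F'\t' '$1 == "Uid:" { print $2; exit }' "$status" 2>/dev/null)
        name=$(awk -F'\t' '$1 == "Name:" { print $2; exit }' "$status" 2>/dev/null)
        [ -n "$uid" ] || continue
        if [ "$uid" != "$my_uid" ]; then
            printf '%s\t%s\t%s\n' "${dir##*/}" "$uid" "$name"
        fi
    done
    return 0
}

# build_sample_proc: creates a small constructed tree that mimics the
# layout of /proc (two root-owned processes, two owned by UID 1000)
# and prints its path.
build_sample_proc() {
    root=$(mktemp -d)
    for entry in "1 0 init" "412 0 sshd" "2301 1000 bash" "2350 1000 vim"; do
        set -- $entry   # $1 = pid, $2 = uid, $3 = name
        mkdir "$root/$1"
        printf 'Name:\t%s\nUid:\t%s\t%s\t%s\t%s\n' "$3" "$2" "$2" "$2" "$2" \
            > "$root/$1/status"
    done
    echo "$root"
}

sample=$(build_sample_proc)
echo "Constructed sample tree, foreign processes seen by UID 1000:"
list_foreign_procs "$sample" 1000
rm -rf "$sample"

# On a real host: a count of 0 means other users' processes are hidden.
if [ -d /proc/1 ]; then
    count=$(list_foreign_procs /proc "$(id -u)" | wc -l)
    echo "Foreign processes visible to UID $(id -u) on this host: $count"
fi
```

Run it as an unprivileged user: any non-zero count on the real `/proc` is information a restricted `ps` would not have protected.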


All times are GMT -5.