/usr/ucb/ps auxwww - output truncated for non-root users on Sol10.

Dexthor

Mar 13, 2006, 2:28:51 PM
Not sure if this is something specific to my Solaris 10 environment !!

When I run "/usr/ucb/ps auxwww" command as root, I get full cmdline
with args. Whereas, when I run it as non-root, the output gets
truncated just as the ps -ef cmd does.

Is this something new to Solaris 10 ? Previous releases were not doing
the same !!!

There are some scripts that I have going, that do run as non-root and
expect to see the full cmdline.

Any insights ??

TIA
Dexthor

Thomas Dehn

Mar 13, 2006, 3:06:44 PM

"Dexthor" <gmol...@gmail.com> wrote:
> Not sure if this is something specific to my Solaris 10 environment !!
>
> When I run "/usr/ucb/ps auxwww" command as root, I get full cmdline
> with args. Whereas, when I run it as non-root, the output gets
> truncated just as the ps -ef cmd does.
>
> Is this something new to Solaris 10 ?

I have faint memories of reading that. So, yes.


Thomas

Jean-Louis Liagre

Mar 13, 2006, 3:16:29 PM

I believe you can have it working for a non-root user by granting him/her the
proc_owner privilege.

Casper H.S. Dik

Mar 13, 2006, 3:29:04 PM
"Dexthor" <gmol...@gmail.com> writes:

>Any insights ??


Yes, we changed this in Solaris 10 so /usr/ucb/ps can run without
the set-uid bit.

We believe people deserve privacy from other people's processes
rummaging through their data segment (because that is what ps(1b)
did). This could potentially cause data leaks.

Similarly, we no longer allow you to see other users' environment
variables.

Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

Darren Dunham

Mar 13, 2006, 3:37:34 PM
Dexthor <gmol...@gmail.com> wrote:
> Not sure if this is something specific to my Solaris 10 environment !!

> When I run "/usr/ucb/ps auxwww" command as root, I get full cmdline
> with args. Whereas, when I run it as non-root, the output gets
> truncated just as the ps -ef cmd does.

> Is this something new to Solaris 10 ? Previous releases were not doing
> the same !!!

Yes, this is new. It's not so much root/non-root as privileged/non
privileged on the process (the process owner should be able to see it).

To get the full args, you have to read through the process itself.
Apparently this is enough of a scare that you can't do it by default.

I think that you can set /usr/ucb/ps to be setuid root and get the old
output, but I can't evaluate how much risk that entails. You might also
be able to add more fine-grained privileges (such as being able to read
the process structure) to your scripts.

--
Darren Dunham ddu...@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >

Dexthor

Mar 13, 2006, 3:41:25 PM
So, if I ran it as the process owner I should have seen it fully right
??

Though I am a sysadmin (old school), I write and give out tools/scripts
to others. I like the feature, just saw Solaris10 radically different
from rest of the Unices.

-Dexthor.

Casper H.S. Dik

Mar 13, 2006, 3:55:12 PM
Darren Dunham <ddu...@redwood.taos.com> writes:

>I think that you can set /usr/ucb/ps to be setuid root and get the old
>output, but I can't evaluate how much risk that entails. You might also
>be able to add more fine-grained privileges (such as being able to read
>the process structure) to your scripts.

Certainly *not* /usr/ucb/ps; possibly /usr/ucb/*/ps (i386, amd64,
sparcv7, sparcv9 sub directories)

/usr/ucb/ps is the isaexec wrapper; make it set-uid and your security
is shot.

We do not support slapping the set-uid bit on random executables.

Casper H.S. Dik

Mar 13, 2006, 3:56:23 PM
"Dexthor" <gmol...@gmail.com> writes:

>So, if I ran it as the process owner I should have seen it fully right??

Correct.

>Though I am a sysadmin (old school), I write and give out tools/scripts
>to others. I like the feature, just saw Solaris10 radically different
>from rest of the Unices.

More or less standard "SysV" behaviour; old school BSD reads /dev/*mem
directly and was able to get at most everything; /usr/ucb/ps on Solaris
read the memory of a process directly.

Casper

Dexthor

Mar 13, 2006, 5:41:48 PM
Thanks for helping me understand.

-Dexthor.
