Page MenuHomeFreeBSD

ps(1): Match current user's processes using ps' effective UID
Needs ReviewPublic

Authored by olce on Tue, Apr 1, 1:38 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Apr 4, 8:12 PM
Unknown Object (File)
Fri, Apr 4, 3:18 PM
Unknown Object (File)
Thu, Apr 3, 9:05 PM
Unknown Object (File)
Thu, Apr 3, 8:06 PM

Details

Reviewers
emaste
pstef
kib
Summary

This puts our ps(1) in conformance with POSIX.

While here, replace ad-hoc initialization of 'uidlist' with a call to
expand_list().


Review of the ps(1) implementations in other BSDs, illumos, and Linux's
procps shows they already behave as prescribed by POSIX.

Previously, we would match processes with their effective user ID but
using our real user ID. While the real user ID is meant as the real
identity of a process, and is used, e.g., to perform accounting or be
permitted to send signals to specific targets, selecting processes to
display is arguably more akin to a kind of (advisory) access control.
ps(1) is not installed setuid, so normally the real and effective user
IDs of ps processes are the same. This may however not be the case when
ps(1) is launched by another setuid executable, and the launching
process may then logically expect that ps(1) lists the processes
corresponding to its effective UID.

Relnotes: yes

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 63310
Build 60194: arc lint + arc unit

Event Timeline

olce requested review of this revision.Tue, Apr 1, 1:38 PM
olce edited the summary of this revision. (Show Details)
  • Add an UPDATING entry
  • Tag the commit as needing a release note

Please leave out the editorializing in the description. It's sufficient to say posix compliance and to bring ps in line with all current implementations. Adding "every modern" and the other stuff is over the top and adds no useful information to our future selves.

In D49619#1132166, @imp wrote:

Please leave out the editorializing in the description. It's sufficient to say posix compliance and to bring ps in line with all current implementations. Adding "every modern" and the other stuff is over the top and adds no useful information to our future selves.

Yes, the "every modern implementation" formulation was unfortunate. Thanks.