diff -cprN procps-2.0.7.orig/proc/ksym.c procps-2.0.7/proc/ksym.c *** procps-2.0.7.orig/proc/ksym.c Mon Jul 10 16:23:07 2000 --- procps-2.0.7/proc/ksym.c Thu May 10 11:12:31 2001 *************** int open_psdb_message(const char *overri *** 238,244 **** } int open_psdb(const char *override) { ! return open_psdb_message(override, default_message); } /***********************************/ --- 238,245 ---- } int open_psdb(const char *override) { ! /* return open_psdb_message(override, default_message); */ ! return -1; } /***********************************/ diff -cprN procps-2.0.7.orig/proc/readproc.c procps-2.0.7/proc/readproc.c *** procps-2.0.7.orig/proc/readproc.c Mon Jul 10 20:55:39 2000 --- procps-2.0.7/proc/readproc.c Thu May 10 11:12:31 2001 *************** char** file2strvec(char* directory, char *** 303,310 **** proc_t* readproc(PROCTAB* PT, proc_t* rbuf) { static struct direct *ent; /* dirent handle */ static struct stat sb; /* stat buffer */ ! static char path[32], sbuf[512]; /* bufs for stat,statm */ ! int allocated = 0, matched = 0; /* flags */ proc_t *p = NULL; /* loop until a proc matching restrictions is found or no more processes */ --- 303,310 ---- proc_t* readproc(PROCTAB* PT, proc_t* rbuf) { static struct direct *ent; /* dirent handle */ static struct stat sb; /* stat buffer */ ! static char path[32], temp1[32], sbuf[512]; /* bufs for stat,statm */ ! int fd, allocated = 0, matched = 0; /* flags */ proc_t *p = NULL; /* loop until a proc matching restrictions is found or no more processes */ *************** next_proc: /* get next PID for consid *** 332,337 **** --- 332,345 ---- if (Do(UID) && !XinLN(uid_t, sb.st_uid, PT->uids, PT->nuid)) goto next_proc; /* not one of the requested uids */ + /* FreeVSD: For chrooted environments we do not want a virtual server + seeing other processes on the system. 
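Review bot: open_psdb() now returns -1 unconditionally but keeps the old call as commented-out code and leaves `override` unused, with nothing saying why symbol-table loading is disabled. Delete the dead line and state the reason instead, for example `/* FreeVSD: psdb/System.map lookup disabled inside virtual servers */` above `return -1;`, adjusting the wording to the real motive, which the patch does not give. Callers that test the return value will presumably treat this as "no psdb found"; it is worth confirming that none of them prints a warning on every run.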
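Review bot: `temp1[32]` in readproc() is declared the same size as `path[32]`, yet the following hunk formats `"%s/root"` from path into it with an unbounded sprintf(), so temp1 is five bytes short of what its input can require. path is filled outside the visible hunks, so this is probably unreachable while the directory names are numeric PIDs, but the code should not depend on that. Declaring `temp1[sizeof path + sizeof "/root"]` and writing `snprintf(temp1, sizeof temp1, "%s/root", path);` removes the dependency. The same declaration and sprintf() are repeated in the two ps_readproc() hunks.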
*/ + sprintf (temp1, "%s/root", path); + fd = open (temp1, O_RDONLY); + if (fd == -1) + goto next_proc; + close (fd); + if (!allocated) { /* assign mem for return buf */ p = rbuf ? rbuf : xcalloc(p, sizeof *p); /* passed buf or alloced mem */ allocated = 1; /* remember space is set up */ *************** next_proc: /* get next PID for consid *** 403,410 **** proc_t* ps_readproc(PROCTAB* PT, proc_t* rbuf) { static struct direct *ent; /* dirent handle */ static struct stat sb; /* stat buffer */ ! static char path[32], sbuf[512]; /* bufs for stat,statm */ ! int allocated = 0 /* , matched = 0 */ ; /* flags */ proc_t *p = NULL; /* loop until a proc matching restrictions is found or no more processes */ --- 411,418 ---- proc_t* ps_readproc(PROCTAB* PT, proc_t* rbuf) { static struct direct *ent; /* dirent handle */ static struct stat sb; /* stat buffer */ ! static char path[32], temp1[32], sbuf[512]; /* bufs for stat,statm */ ! int fd, allocated = 0 /* , matched = 0 */ ; /* flags */ proc_t *p = NULL; /* loop until a proc matching restrictions is found or no more processes */ *************** next_proc: /* get next PID for consid *** 423,428 **** --- 431,444 ---- if (stat(path, &sb) == -1) /* no such dirent (anymore) */ goto next_proc; + + /* FreeVSD: For chrooted environments we do not want a virtual server + seeing other processes on the system. */ + sprintf (temp1, "%s/root", path); + fd = open (temp1, O_RDONLY); + if (fd == -1) + goto next_proc; + close (fd); if (!allocated) { /* assign mem for return buf */ p = rbuf ? 
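Review bot: The added `open(temp1, O_RDONLY)` test in readproc() sends every open() failure to `next_proc`, so EMFILE, an unrelated EACCES, or a process exiting after the stat() all hide the entry exactly as a process outside the caller's root would. The comment should name the kernel behaviour the test depends on (presumably that /proc/PID/root cannot be opened from inside a chroot when it points outside it), e.g. `/* FreeVSD: skip PIDs whose /proc/PID/root we cannot open; relies on the kernel refusing roots outside our chroot */`. This is a filter on what ps and other libproc users print, not an isolation control: /proc remains directly readable inside the virtual server unless something outside this patch restricts it. The identical block in the ps_readproc() hunk has the same issues, and because the ps/display.c hunk removes the refusal to run setuid/setgid, the outcome of this open() would follow the effective uid if the binary is installed that way, which needs its own justification. readproc() starts and ends outside the hunk.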
rbuf : xcalloc(p, sizeof *p); /* passed buf or alloced mem */ diff -cprN procps-2.0.7.orig/ps/display.c procps-2.0.7/ps/display.c *** procps-2.0.7.orig/ps/display.c Mon Jul 10 21:59:14 2000 --- procps-2.0.7/ps/display.c Thu May 10 11:12:31 2001 *************** static void fancy_spew(void){ *** 347,360 **** /***** no comment */ int main(int argc, char *argv[]){ - if(getuid()!=geteuid()){ - fprintf(stderr, "This /bin/ps is not secure for setuid operation.\n"); - exit(1); - } - if(getgid()!=getegid()){ - fprintf(stderr, "This /bin/ps is not secure for setgid operation.\n"); - exit(1); - } #ifdef DEBUG init_stack_trace(argv[0]); --- 347,352 ----