>So a situation at $WORK today has me wondering something - why is it
>that the pr_psargs member of psinfo is limited to 80 bytes (therefore,
>characters) ? Is this mainly due to historic reasons?

Well, /proc uses public structures; once they're defined, you cannot
change them.

But there are two parts of this: psargs is copied when exec is performed;
if you want to get more, you will need to copy more.

>I realize that expanding the size of that member will certainly break
>binary compatibility, but I can't think of any security implications
>for properly storing and revealing more of a process's arguments,
>perhaps in a new structure or other appropriate facility where it can
>be programmatically retrieved without requiring elevated privs and the
>shenanigans that pargs(1) goes through to get the full arg list of a
>pid.

We can probably change ps to report more of pargs and environments but
only if you have permission to open the specific process, like pargs(1).

If you want to report *everything* you MUST copy the complete argv[]
vector at exec time (max 2MB). You can't use the mechanism pargs uses
because applications can and will modify argv[][] and pargs can report
private memory which isn't part of the original argv[] and that's where
the security issue is.

So the options are:

- copy more when the program is execed (80 is apparently not
  enough, but what is, do we really need to copy everything?)
- report more of argv but only for "your" processes.

Casper
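
An illustration added here, not part of the original message or of the Solaris source: a small C model of the two mechanisms discussed above, an exec-time copy truncated to a fixed buffer versus a pargs-style read of whatever argv[] currently points at. The struct, the function names, PSARGS_MAX and the sample strings are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define PSARGS_MAX 80  /* assumption: stands in for the 80-byte pr_psargs limit */

/* Hypothetical model: argv[] is process-writable; psargs is the kernel's
 * private copy, filled once at exec and never refreshed. */
struct proc_model {
    char *argv[4];
    int   argc;
    char  psargs[PSARGS_MAX];
};

/* Join argv with spaces into out, truncating to outsz; returns stored length. */
static size_t join_args(char *const argv[], int argc, char *out, size_t outsz)
{
    size_t used = 0;
    out[0] = '\0';
    for (int i = 0; i < argc && used < outsz - 1; i++) {
        int n = snprintf(out + used, outsz - used, "%s%s", i ? " " : "", argv[i]);
        if (n < 0)
            break;
        used += (size_t)n;  /* may overshoot on truncation; the loop test stops us */
    }
    return strlen(out);
}

/* Exec-time snapshot: the fixed-size copy that can be shown for any process. */
static size_t snapshot_at_exec(struct proc_model *p)
{
    return join_args(p->argv, p->argc, p->psargs, sizeof p->psargs);
}

/* Constructed sample data. */
static char arg0[] = "/usr/bin/backup";
static char arg1[] = "--target=/export/home/projects/2024/archive/very/long/path/name/that/keeps/going/on";
static char private_buf[] = "unrelated-private-buffer";

int main(void)
{
    struct proc_model p = { .argv = { arg0, arg1 }, .argc = 2 };
    char live[256];

    snapshot_at_exec(&p);
    p.argv[1] = private_buf;  /* the process rewrites its own argv after exec */
    join_args(p.argv, p.argc, live, sizeof live);  /* pargs-style live read */
    printf("snapshot (%zu bytes): %s\nlive read: %s\n", strlen(p.psargs), p.psargs, live);
    return 0;
}
```

The snapshot stays truncated but stable, while the live read follows the rewritten pointer into memory that was never an argument.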