Login or Register to Ask a Question and Join Our Community


Solaris

ps output truncated

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris ps output truncated
# 22  
Old 03-22-2013
Quote:
Originally Posted by jlliagre
Please don't advise that ...

Precisely. I just checked on a Solaris 10 update 2 and /usr/ucb/ps code is shared by 62 binaries, including mdb and dtrace (man isaexec to understand why). That means you basically grant root access to anyone with adding the setuid bit to ps.

...
That's what happens when you post things off the top of your head without bothering to check what the binary is linked to, which is why I tossed in that caveat about Solaris hard linking base binaries.

Quote:
Originally Posted by jlliagre
You should ask your application team fix their script. It currently rely on a buggy behavior.

Make sure the latest Solaris 10 security patches are applied.

Perhaps have some of your servers been compromised.
I'm wondering about that one, too. I'd like to see the truss output from one of the ps commands that can pull the entire arg list from a non-owned process, along with the entire "ls -la" output from the /proc/[pid] directory for that same process.

This is from the proc.4 man page on one of my Solaris boxes:

Quote:
For security reasons, except for the psinfo, usage, lpsinfo,
lusage, lwpsinfo, and lwpusage files, which are world-
readable, and except for privileged processes, an open of a
/proc file fails unless both the user-ID and group-ID of the
caller match those of the traced process and the process's
object file is readable by the caller. The effective set of
the caller is a superset of both the inheritable and the
permitted set of the target process. The limit set of the
caller is a superset of the limit set of the target process.
Except for the world-readable files just mentioned, files
corresponding to setuid and setgid processes can be opened
only by the appropriately privileged process.

A process that is missing the basic privilege
{PRIV_PROC_INFO} cannot see any processes under /proc that
it cannot send a signal to.

A process that has {PRIV_PROC_OWNER} asserted in its effec-
tive set can open any file for reading. To manipulate or
control a process, the controlling process must have at
least as many privileges in its effective set as the target
process has in its effective, inheritable, and permitted
sets. The limit set of the controlling process must be a
superset of the limit set of the target process. Additional
restrictions apply if any of the uids of the target process
are 0. See privileges(5).
It sure looks like PRIV_PROC_OWNER is getting set on the servers this "works" on.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Ps -ef, output getting truncated, please help

Hi All, here is an output of my command and the problem is that my output string is truncated, I want to exact the full string, I am on BASH shell, please help me out. Regards Rahul command with Output : lonss05903:cmdsvc01 /home/cmdsvc01 > ps -aef|grep 'Copy' cmdsvc01 2642 8675 ... (7 Replies)
Discussion started by: rahulkalra9
7 Replies

2. UNIX for Advanced & Expert Users

Problem piping find output to awk, 1st line filename is truncated, other lines are fine.

Today I needed to take a look through a load of large backup files, so I wrote the following line to find them, order them by size, and print the file sizes in GB along with the filename. What happened was odd, the output was all as expected except for the first output line which had the filename... (4 Replies)
Discussion started by: gencon
4 Replies

3. UNIX for Dummies Questions & Answers

output from sed getting truncated

Hi all, I have used sed command with a file of size 7KB and stored the output to another file. When i look into the output file, a few file lines at the bottom have got truncated. The sed statement i used is as below. Why does this happen and how to resolve this. SQL=`sed... (3 Replies)
Discussion started by: madhan@29
3 Replies

4. Linux

relocation truncated to fit

Hi, I am getting linking error i.e. /ade/aime_urtk/oracle/has/include/caa_ResStateListener.hxx:79: relocation truncated to fit: R_PPC_GO T16 vtable for CAA::ResourceStateListener /ade/aime_urtk/oracle/has/lib//libcaad.a(caa_Main.o)(.text+0x88e6): In function `CAA::ResourceStateL... (0 Replies)
Discussion started by: jgobbur
0 Replies

5. UNIX for Dummies Questions & Answers

File gets truncated

Hi Guys, I have a master script file. That calls the other script files. The sub script files append some of the data to the log file. Once the master script completes one sub script execution and returns to execute other sub script that appends to the same log file. the log file gets... (2 Replies)
Discussion started by: Swapna173
2 Replies

6. Shell Programming and Scripting

Truncated with a pipe?

OK, I'm stumped. I have a shell script that reads a list, and for every item in the list performs a lookup in our Active Directory. Now, it seems that when I pipe the results into grep, the complete results are not there (truncated?). I'm not sure if this is a limit of the pipe, grep, shell... (1 Reply)
Discussion started by: TheCrunge
1 Replies

7. AIX

PS truncated in AIX

folks; how can i get longer output than the one i got by using "/usr/ucb/ps awwx"? :mad: (2 Replies)
Discussion started by: moe2266
2 Replies

8. Solaris

ps truncated output

Hi Problem of ps on Solaris 8 and 9 Perhaps a silly question but I can't find a solution. the output of the command ps -ef is truncated. I've tried to change the terminal settings with stty putting a big number of colums: no change. Following the man page of ps i have set the variable... (8 Replies)
Discussion started by: renoc
8 Replies

9. UNIX for Advanced & Expert Users

ps output truncated

Hi! I have some shell scripts receiving in input lots of parameters and I need to select the ones having a particular value in one parameter. A typical shell command line is: PROMPT > shell_name.ksh -avalue_a -bvalue_b -cvalue_c -dvalue_d ... I used a combinaton of ps and grep commands... (5 Replies)
Discussion started by: pciatto
5 Replies

10. Shell Programming and Scripting

ps output truncated

Hi! I have some shell scripts receiving in input lots of parameters and I need to select the ones having a particular value in one parameter. A typical shell command line is: PROMPT > shell_name.ksh -avalue_a -bvalue_b -cvalue_c -dvalue_d ... I used a combinaton of ps and grep commands... (1 Reply)
Discussion started by: pciatto
1 Replies
Login or Register to Ask a Question