Xref: utzoo comp.unix.questions:25460 comp.unix.internals:262
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!virtech!cpcahil
From: cpcahil@virtech.uucp (Conor P. Cahill)
Newsgroups: comp.unix.questions,comp.unix.internals
Subject: Re: ps and wall; How do they work?
Message-ID: <1990Sep14.000402.29428@virtech.uucp>
Date: 14 Sep 90 00:04:02 GMT
References: <27773@pasteur.Berkeley.EDU>
Reply-To: cpcahil@virtech.UUCP (Conor P. Cahill)
Organization: Virtual Technologies Inc., Sterling VA
Lines: 35

In article <27773@pasteur.Berkeley.EDU> achoi@cory.Berkeley.EDU (CHOI ANDREW MAN-TAT) writes:
>
>1)  How does 'ps' work?  Where does it get the information about all
>    the processes running on the system?  I suspect it may have

It uses "/unix" (or whatever the kernel is named on your system) to get
the addresses of where the data is.  Then it reads /dev/kmem (using the
addresses gotten from /unix) to get the data.

Throw in /dev, and /etc/passwd and there you go (i.e. ps then has all
the information it needs).

>    I don't have read/write permission on /dev/kmem, how can
>    'ps' acquire the permission to read /dev/kmem?  Is there a
>    setuid program exec by 'ps' to get root access?

Do an ls -l of /bin/ps.  It should be setuid or setgid (probably setgid).

>2)  Even after I do 'mesg n' or 'chmod og-rx /dev/tty?', other
>    users can still send me message through command 'wall',
>    how come?  Is there anyway to prevent 'wall' from sending the
>    message?

Maybe they are running as super-user?  Then they will have access to
the port no matter what you set the mode to. 

Wall is only supposed to be used for important system messages
(like "system is going down in 10 seconds") so you shouldn't be
getting to many of them.


-- 
Conor P. Cahill            (703)430-9247        Virtual Technologies, Inc.,
uunet!virtech!cpcahil                           46030 Manekin Plaza, Suite 160
                                                Sterling, VA 22170