Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!yale!cmcl2!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn)
Newsgroups: comp.unix.questions
Subject: Re: ps and wall; How do they work?
Message-ID: <13850@smoke.BRL.MIL>
Date: 13 Sep 90 21:39:10 GMT
References: <27773@pasteur.Berkeley.EDU>
Organization: U.S. Army Ballistic Research Laboratory, APG, MD.
Lines: 23

In article <27773@pasteur.Berkeley.EDU> achoi@cory.Berkeley.EDU (CHOI ANDREW MAN-TAT) writes:
>1)  How does 'ps' work?  Where does it get the information about all
>    the processes running on the system?  I suspect it may have
>    something to do with /dev/kmem (Kernel Memory);

Yes, the information about process state is typically obtained by directly
rummaging around in the kernel's process tables.

> however, since
>    I don't have read/write permission on /dev/kmem, how can
>    'ps' acquire the permission to read /dev/kmem?  Is there a
>    setuid program exec by 'ps' to get root access?

"ps" should be installed set-GID and belong to a group such as
"memory" that has read permission on /dev/kmem.

>2)  Even after I do 'mesg n' or 'chmod og-rx /dev/tty?', other
>    users can still send me message through command 'wall',
>    how come?  Is there anyway to prevent 'wall' from sending the
>    message?

Any version of "wall" that writes on terminals that have had "mesg n"
executed on them is BROKEN.  You can fix that by removing /bin/wall.