Xref: utzoo comp.unix.questions:25756 comp.unix.internals:396
Path: utzoo!attcan!uunet!know!zaphod.mps.ohio-state.edu!usc!apple!veritas!craig
From: craig@veritas.uucp (Craig Harmer)
Newsgroups: comp.unix.questions,comp.unix.internals
Subject: Re: ps and wall; How do they work?
Summary: ps uses /dev/kmem
Keywords: ps kmem
Message-ID: <1990Sep26.073631.27543@veritas.uucp>
Date: 26 Sep 90 07:36:31 GMT
References: <27773@pasteur.Berkeley.EDU>
Organization: Veritas
Lines: 33

In article <27773@pasteur.Berkeley.EDU> achoi@cory.Berkeley.EDU (CHOI ANDREW MAN-TAT) writes:
...
>
>I have the following 2 questions about command 'ps' and 'wall':
>
>1)  How does 'ps' work?  Where does it get the information about all
>    the processes running on the system?  I suspect it may have
>    something to do with /dev/kmem (Kernel Memory); however, since
>    I don't have read/write permission on /dev/kmem, how can
>    'ps' acquire the permission to read /dev/kmem?  Is there a
>    setuid program exec by 'ps' to get root access?

yes, i reads /dev/kmem (kernel memory) to get the information.  ps
is generally setuid root, or (more intelligently) setgid sys
(or whatever is relevant to your machine).  when ps is executed,
it runs with an "effective" group id of (see the setuid(2) man
page).

>2)  Even after I do 'mesg n' or 'chmod og-rx /dev/tty?', other
>    users can still send me message through command 'wall',
>    how come?  Is there anyway to prevent 'wall' from sending the
>    message?

root can always write to your terminal; one of the priviledges
of being root is having write permission on all files (including
special files, like /dev/tty).  "mesg n" or "chmod 0600 /dev/tty??"
should prevent other people from writing to your tty.

-- 
{apple,pyramid,amdahl}!veritas!craig			craig@hoser.veritas.com
(415) 626-6827 (h)					(408) 433-5588 x220 (w)
	[views expressed above shouldn't be taken as 
	Veritas' views, or your views or even as my views]