Re: [gentoo-dev] Testing to see if services have crashed on hardened

2008-03-25 Thread Fabian Groffen
On 21-03-2008 12:07:24 +, Roy Marples wrote:
> On Friday 21 March 2008 10:37:11 Fabian Groffen wrote:
> > Assuming you would use libkvm, on Darwin this means as unprivileged user
> > (not using suid) you can't see any processes at all.
>
> That's different from FreeBSD and NetBSD then.

Indeed

Re: [gentoo-dev] Testing to see if services have crashed on hardened

2008-03-21 Thread Roy Marples
On Friday 21 March 2008 12:39:48 Natanael Copa wrote:
> /* pid 1 is most likely owned by root */
> hardened = pid_is_running(1);
> if (!hardened || (hardened && euid==0)) {

OK, we'll go with that for the time being.

Thanks

Roy

Re: [gentoo-dev] Testing to see if services have crashed on hardened

2008-03-21 Thread Natanael Copa
On Fri, 2008-03-21 at 12:08 +, Roy Marples wrote:
> On Friday 21 March 2008 10:44:12 Natanael Copa wrote:
> > err... run rc-status as root?
> >
> > I mean if you are not supposed to see if a process is running or not as
> > normal user, then hardened is doing its job when does not allow rc-stat

Re: [gentoo-dev] Testing to see if services have crashed on hardened

2008-03-21 Thread Roy Marples
On Friday 21 March 2008 10:44:12 Natanael Copa wrote:
> err... run rc-status as root?
>
> I mean if you are not supposed to see if a process is running or not as
> normal user, then hardened is doing its job when does not allow rc-status
> to show this info to the unprivileged user.
>
> if (!HARDENE

Re: [gentoo-dev] Testing to see if services have crashed on hardened

2008-03-21 Thread Roy Marples
On Friday 21 March 2008 10:37:11 Fabian Groffen wrote:
> Assuming you would use libkvm, on Darwin this means as unprivileged user
> (not using suid) you can't see any processes at all.

That's different from FreeBSD and NetBSD then.

> > > This isn't really an easy answer, as we could have installe

Re: [gentoo-dev] Testing to see if services have crashed on hardened

2008-03-21 Thread Natanael Copa
On Fri, 2008-03-21 at 10:20 +, Roy Marples wrote:
> Hi List.
>
> I've just removed the code to check for euid when running services and
> instead
> relying on permissions of the service state dir and testing errno. This is a
> good thing, but it does have one side effect.
>
> OpenRC can t

Re: [gentoo-dev] Testing to see if services have crashed on hardened

2008-03-21 Thread Fabian Groffen
On 21-03-2008 10:20:45 +, Roy Marples wrote:
> Hi List.
>
> I've just removed the code to check for euid when running services and
> instead relying on permissions of the service state dir and testing
> errno. This is a good thing, but it does have one side effect.
>
> OpenRC can track daemon

[gentoo-dev] Testing to see if services have crashed on hardened

2008-03-21 Thread Roy Marples
Hi List.

I've just removed the code to check for euid when running services and instead relying on permissions of the service state dir and testing errno. This is a good thing, but it does have one side effect.

OpenRC can track daemons by how they were started. So every time you run rc-status