in reply to Re: Re: How best to hide command-line arguments from ps command?
in thread How best to hide command-line arguments from ps command?

Not all versions of Unix hide the contents of a user's environment from other users. On Solaris, for example, /usr/ucb/ps -augxwwwe will show you other users' processes' environment variables.

Re: Re: Re: Re: How best to hide command-line arguments from ps command?
by etcshadow (Priest) on Nov 19, 2003 at 02:44 UTC
    Interesting... even when not run as root, and the process belongs to another user? I mean... on Linux, ps can list environment, but only of processes which the executing user has privilege over. And the reason, fundamentally, is that the O/S just doesn't give out that information. The /proc filesystem and the ps command are just different means of accessing it.

    I guess one thing that could explain that is if the ps binary was setuid root. But that would indicate frighteningly bad systems administration.

    I'd actually be kind of surprised (but I could still believe it) that Solaris has less security partitioning than Linux.


    ------------
    :Wq
    Not an editor command: Wq

      Even when not run as root and the process belongs to another user.

      The /usr/ucb/ps command is SetUID root, as you suggest (well, it's a wrapper for a SetUID program). In traditional Unix, ps was always SetUID root, as it read process structures directly from kernel memory. It's only in more modern Unices with /proc that it doesn't need to be, but for some reason on Solaris it still is.

      To be fair, /usr/ucb/ps is a SunOS 4 compatibility-mode program, and doesn't have to be installed. I couldn't find a way to look at a process's environment with the /bin/ps, but regardless it's not safe to assume nobody else can look at your environment.

        Heh... setuid craziness. That's kind of scary.

        Here's a nice super-quick audit that you might want to run:

        find `perl -e 'print join(" ",split/:/,$ENV{PATH})'` -type f -perm -4000 -uid 0 2>/dev/null

        Of course, in order to be a complete audit, though, you'd have to iterate over /, instead of just over $PATH.


        ------------
        :Wq
        Not an editor command: Wq