Date: Sun, 26 Jul 2009 07:48:22 +0000 (UTC) From: Stanislav Sedov <stas@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r195883 - projects/libprocstat/usr.bin/fstat Message-ID: <200907260748.n6Q7mMUK063471@svn.freebsd.org>
Author: stas Date: Sun Jul 26 07:48:22 2009 New Revision: 195883 URL: http://svn.freebsd.org/changeset/base/195883 Log: - Install with setgid mode (required for sysctl access). - Discard setgid privilegies after file list retrieval. Modified: projects/libprocstat/usr.bin/fstat/Makefile projects/libprocstat/usr.bin/fstat/fstat.c projects/libprocstat/usr.bin/fstat/fuser.c
Modified: projects/libprocstat/usr.bin/fstat/Makefile
==============================================================================
--- projects/libprocstat/usr.bin/fstat/Makefile Sun Jul 26 06:38:56 2009 (r195882)
+++ projects/libprocstat/usr.bin/fstat/Makefile Sun Jul 26 07:48:22 2009 (r195883)
@@ -8,6 +8,8 @@ SRCS= cd9660.c common_kvm.c fstat.c fuse
 LINKS= ${BINDIR}/fstat ${BINDIR}/fuser
 DPADD= ${LIBKVM}
 LDADD= -lkvm -lutil
+BINGRP= kmem
+BINMODE=2555
 WARNS?= 6
 MAN1= fuser.1 fstat.1
Modified: projects/libprocstat/usr.bin/fstat/fstat.c
==============================================================================
--- projects/libprocstat/usr.bin/fstat/fstat.c Sun Jul 26 06:38:56 2009 (r195882)
+++ projects/libprocstat/usr.bin/fstat/fstat.c Sun Jul 26 07:48:22 2009 (r195883)
@@ -165,12 +165,19 @@ do_fstat(int argc, char **argv)
 checkfile = 1;
 }
+ /*
+ * Discard setgid privileges if not the running kernel so that bad
+ * guys can't print interesting stuff from kernel memory.
+ */
+ if (nlistf != NULL || memf != NULL)
+ setgid(getgid());
 procstat = procstat_open(nlistf, memf);
 if (procstat == NULL)
 errx(1, "procstat_open()");
 p = procstat_getprocs(procstat, what, arg, &cnt);
 if (p == NULL)
 errx(1, "procstat_getprocs()");
+ setgid(getgid());
 /*
 * Print header.
Modified: projects/libprocstat/usr.bin/fstat/fuser.c
==============================================================================
--- projects/libprocstat/usr.bin/fstat/fuser.c Sun Jul 26 06:38:56 2009 (r195882)
+++ projects/libprocstat/usr.bin/fstat/fuser.c Sun Jul 26 07:48:22 2009 (r195883)
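Review bot: Both `setgid(getgid());` calls added to do_fstat() discard the return value, so a failed drop goes unnoticed and the program continues with the kmem group, including on the `nlistf`/`memf` path that the new comment is there to protect. Making the failure fatal closes that gap, e.g. `if (setgid(getgid()) != 0) err(1, "setgid");` at both sites. The same two unchecked calls are added to do_fuser() in fuser.c and need the same check. do_fstat()'s body starts and ends outside this hunk.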
@@ -168,11 +168,11 @@ do_fuser(int argc, char *argv[])
 struct reqfile *reqfiles;
 int ch, cnt, sig;
 unsigned int i, nfiles;
- char *ep, *kernimg, *mcore;
+ char *ep, *nlistf, *memf;
 sig = SIGKILL; /* Default to kill. */
- kernimg = NULL;
- mcore = NULL;
+ nlistf = NULL;
+ memf = NULL;
 while ((ch = getopt(argc, argv, "M:N:cfhkms:u")) != -1)
 switch(ch) {
 case 'f':
@@ -186,10 +186,10 @@ do_fuser(int argc, char *argv[])
 flags |= CFLAG;
 break;
 case 'N':
- kernimg = optarg;
+ nlistf = optarg;
 break;
 case 'M':
- mcore = optarg;
+ memf = optarg;
 break;
 case 'u':
 flags |= UFLAG;
@@ -240,12 +240,19 @@ do_fuser(int argc, char *argv[])
 if (nfiles == 0)
 errx(EX_IOERR, "files not accessible");
- procstat = procstat_open(kernimg, mcore);
+ /*
+ * Discard setgid privileges if not the running kernel so that bad
+ * guys can't print interesting stuff from kernel memory.
+ */
+ if (nlistf != NULL || memf != NULL)
+ setgid(getgid());
+ procstat = procstat_open(nlistf, memf);
 if (procstat == NULL)
 errx(1, "procstat_open()");
 p = procstat_getprocs(procstat, KERN_PROC_PROC, 0, &cnt);
 if (p == NULL)
 errx(1, "procstat_getprocs()");
+ setgid(getgid());
 /*
 * Walk through process table and look for matching files.
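Review bot: In the last do_fuser() hunk the conditional drop for a user-supplied `nlistf`/`memf` comes after the `nfiles == 0` check, so the file operands appear to be handled while the process still holds the kmem group, even when it is not examining the running kernel. Both pointers are assigned only in the getopt() switch shown in the previous hunk, so `if (nlistf != NULL || memf != NULL) setgid(getgid());` could sit directly after option parsing and narrow the privileged window to the step the commit log says needs it. The code between the option loop and this hunk is not visible here, so confirm nothing in it depends on the group before moving the check.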