From owner-freebsd-ports-bugs@FreeBSD.ORG  Mon Dec 21 20:00:18 2009
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 19CA31065695
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Mon, 21 Dec 2009 20:00:18 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id E60008FC15
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Mon, 21 Dec 2009 20:00:17 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nBLK0HAW095753
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Mon, 21 Dec 2009 20:00:17 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nBLK0HcZ095745;
	Mon, 21 Dec 2009 20:00:17 GMT (envelope-from gnats)
Resent-Date: Mon, 21 Dec 2009 20:00:17 GMT
Resent-Message-Id: <200912212000.nBLK0HcZ095745@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Denis Barov <dindin@dindin.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AEC5310657B8
	for <FreeBSD-gnats-submit@freebsd.org>;
	Mon, 21 Dec 2009 19:59:46 +0000 (UTC)
	(envelope-from dindin@sepulca.yandex.ru)
Received: from archeopterix.yandex.ru (archeopterix.yandex.ru [93.158.136.52])
	by mx1.freebsd.org (Postfix) with ESMTP id 4FBF48FC12
	for <FreeBSD-gnats-submit@freebsd.org>;
	Mon, 21 Dec 2009 19:59:45 +0000 (UTC)
Received: from sepulca.yandex.ru (dhcp170-57-red.yandex.net [95.108.170.57])
	by archeopterix.yandex.ru (Postfix) with ESMTPS id 4D10F59D872;
	Mon, 21 Dec 2009 22:59:44 +0300 (MSK)
Received: from sepulca.yandex.ru (localhost [127.0.0.1])
	by sepulca.yandex.ru (8.14.3/8.14.3) with ESMTP id nBLJxisw081215;
	Mon, 21 Dec 2009 22:59:44 +0300 (MSK)
	(envelope-from dindin@sepulca.yandex.ru)
Received: (from dindin@localhost)
	by sepulca.yandex.ru (8.14.3/8.14.3/Submit) id nBLJxi92081214;
	Mon, 21 Dec 2009 22:59:44 +0300 (MSK) (envelope-from dindin)
Message-Id: <200912211959.nBLJxi92081214@sepulca.yandex.ru>
Date: Mon, 21 Dec 2009 22:59:44 +0300 (MSK)
From: Denis Barov <dindin@dindin.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: stas@FreeBSD.org
Subject: ports/141852: sysutils/fuser allows user to send any signal to any
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Denis Barov <dindin@dindin.ru>
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2009 20:00:18 -0000


>Number:         141852
>Category:       ports
>Synopsis:       sysutils/fuser allows user to send any signal to any
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 21 20:00:17 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Denis Barov
>Release:        FreeBSD 7.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD sepulca.yandex.ru 7.2-STABLE FreeBSD 7.2-STABLE #0 r197611M: Tue Oct 20 00:15:11 MSD 2009 root@ysbackup2.yandex.ru:/opt/tmp/mk_pkg.QZ1mnqtI/obj/i386/opt/usr/SVN/7/sys/SEPULCA i386


	
>Description:
sysutils/fuser allows user to send any signal to any process when
installed with suid bit
>How-To-Repeat:
# chmod +s /usr/local/bin/fuser (as recommended in pkg-message)
% fuser -k /usr/sbin/syslogd
>Fix:

patch:

diff -urN fuser/files/patch-fuser.c fuser/files/patch-fuser.c
--- fuser/files/patch-fuser.c.orig	1970-01-01 03:00:00.000000000 +0300
+++ fuser/files/patch-fuser.c	2009-12-21 22:52:36.000000000 +0300
@@ -0,0 +1,35 @@
+--- fuser.c.orig	2006-03-14 14:07:08.000000000 +0300
++++ fuser.c	2009-12-21 22:51:33.000000000 +0300
+@@ -608,6 +608,7 @@
+ 	char		*ep;
+ 	char		*kernimg = NULL; /* We are using curr. sys by default */
+ 	char		*mcore = NULL;
++  int     retvalue = 0;
+ 
+ 	while ((ch = getopt(argc, argv, "C:K:cfkms:u")) != -1)
+ 		switch(ch) {
+@@ -696,8 +697,13 @@
+ 			if (ufl != 0) {
+ 				print_file_info(pinfo->pid, \
+ 				    pinfo->uid, ufl);
+-				if ((flags & KFLAG) != 0)
+-					(void)kill(pinfo->pid, sig);
++				if ((flags & KFLAG) != 0) {
++            if (geteuid() == getuid()) {
++              (void)kill(pinfo->pid, sig);
++            } else {
++              retvalue = 1;
++            }
++        } 
+ 			}
+ 		}
+ 		(void)fprintf(stderr, "\n");
+@@ -707,7 +713,7 @@
+ 	SLIST_FREE(&prclist, next, pinfo_free);
+ 	(void)kvm_close(kd);
+ 
+-	return 0;
++	return retvalue;
+ 		
+ }
+ 


>Release-Note:
>Audit-Trail:
>Unformatted:
 >process when installed with suid bit