Date: Mon, 14 Apr 2014 15:51:15 +0200 From: Robert Faulds <frf@faulds.net> To: jilles@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: kern/127048: systat(1) information leak when security.bsd.see_other_uids=0 Message-ID: <534BE7D3.3010601@faulds.net> In-Reply-To: <201404132043.s3DKhT8H007733@freefall.freebsd.org> References: <201404132043.s3DKhT8H007733@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This was fixed many years ago. Dunno why the bug is still open. I had completely forgotten about it. Robert On 4/13/14, 10:43 PM, jilles@FreeBSD.org wrote: > Synopsis: systat(1) information leak when security.bsd.see_other_uids=0 > > State-Changed-From-To: open->feedback > State-Changed-By: jilles > State-Changed-When: Sun Apr 13 20:41:07 UTC 2014 > State-Changed-Why: > I tested this on stable/9 and head (11.0) and it appears to work properly. > > Either this was fixed since 7.0 or there is something special about > your environment. > > Make sure that /usr/bin/systat does not have setuid/setgid bits set; > if so, it will read from kernel memory and ignore > security.bsd.see_other_uids. > > Can you provide more information? > > > Responsible-Changed-From-To: freebsd-bugs->jilles > Responsible-Changed-By: jilles > Responsible-Changed-When: Sun Apr 13 20:41:07 UTC 2014 > Responsible-Changed-Why: > Track replies. > > http://www.freebsd.org/cgi/query-pr.cgi?pr=127048 >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?534BE7D3.3010601>