Date:      Fri, 31 Jul 2009 12:52:33 +0000 (UTC)
From:      Stanislav Sedov <stas@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r195994 - projects/libprocstat/usr.bin/fstat
Message-ID:  <200907311252.n6VCqXWf069563@svn.freebsd.org>

Author: stas
Date: Fri Jul 31 12:52:32 2009
New Revision: 195994
URL: http://svn.freebsd.org/changeset/base/195994

Log:
  - Do not install fstat/fuser with increased privileges.  In the discussion
    with rwatson it was decided that we might not want to expose much detail
    about processes the user has no relation to.
  - Do not emit a warning in case of insufficient permissions to access the
    process file descriptor data.

Modified:
  projects/libprocstat/usr.bin/fstat/Makefile
  projects/libprocstat/usr.bin/fstat/fstat.c
  projects/libprocstat/usr.bin/fstat/fuser.c
  projects/libprocstat/usr.bin/fstat/libprocstat.c

Modified: projects/libprocstat/usr.bin/fstat/Makefile
==============================================================================
--- projects/libprocstat/usr.bin/fstat/Makefile	Fri Jul 31 12:43:01 2009	(r195993)
+++ projects/libprocstat/usr.bin/fstat/Makefile	Fri Jul 31 12:52:32 2009	(r195994)
@@ -9,8 +9,6 @@ SRCS=	cd9660.c common_kvm.c fstat.c fuse
 LINKS=	${BINDIR}/fstat ${BINDIR}/fuser
 DPADD=	${LIBKVM}
 LDADD=	-lkvm -lutil
-BINGRP=	kmem
-BINMODE=2555
 WARNS?=	6
 
 MAN1=	fuser.1 fstat.1

Modified: projects/libprocstat/usr.bin/fstat/fstat.c
==============================================================================
--- projects/libprocstat/usr.bin/fstat/fstat.c	Fri Jul 31 12:43:01 2009	(r195993)
+++ projects/libprocstat/usr.bin/fstat/fstat.c	Fri Jul 31 12:52:32 2009	(r195994)
@@ -165,19 +165,12 @@ do_fstat(int argc, char **argv)
 		checkfile = 1;
 	}
 
-	/*
-	 * Discard setgid privileges if not the running kernel so that bad
-	 * guys can't print interesting stuff from kernel memory.
-	 */
-	if (nlistf != NULL || memf != NULL)
-		setgid(getgid());
 	procstat = procstat_open(nlistf, memf);
 	if (procstat == NULL)
 		errx(1, "procstat_open()");
 	p = procstat_getprocs(procstat, what, arg, &cnt);
 	if (p == NULL)
 		errx(1, "procstat_getprocs()");
-	setgid(getgid());
 
 	/*
 	 * Print header.

Modified: projects/libprocstat/usr.bin/fstat/fuser.c
==============================================================================
--- projects/libprocstat/usr.bin/fstat/fuser.c	Fri Jul 31 12:43:01 2009	(r195993)
+++ projects/libprocstat/usr.bin/fstat/fuser.c	Fri Jul 31 12:52:32 2009	(r195994)
@@ -239,19 +239,12 @@ do_fuser(int argc, char *argv[])
 	if (nfiles == 0)
 		errx(EX_IOERR, "files not accessible");
 
-	/*
-	 * Discard setgid privileges if not the running kernel so that bad
-	 * guys can't print interesting stuff from kernel memory.
-	 */
-	if (nlistf != NULL || memf != NULL)
-		setgid(getgid());
 	procstat = procstat_open(nlistf, memf);
 	if (procstat == NULL)
 		errx(1, "procstat_open()");
 	p = procstat_getprocs(procstat, KERN_PROC_PROC, 0, &cnt);
 	if (p == NULL)
 		 errx(1, "procstat_getprocs()");
-	setgid(getgid());
 
 	/*
 	 * Walk through process table and look for matching files.

Modified: projects/libprocstat/usr.bin/fstat/libprocstat.c
==============================================================================
--- projects/libprocstat/usr.bin/fstat/libprocstat.c	Fri Jul 31 12:43:01 2009	(r195993)
+++ projects/libprocstat/usr.bin/fstat/libprocstat.c	Fri Jul 31 12:52:32 2009	(r195994)
@@ -191,7 +191,7 @@ procstat_getprocs(struct procstat *procs
 		name[2] = what;
 		name[3] = arg;
 		error = sysctl(name, 4, NULL, &len, NULL, 0);
-		if (error < 0) {
+		if (error < 0 && errno != EPERM) {
 			warn("sysctl(kern.proc)");
 			goto fail;
 		}
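Review bot: With `&& errno != EPERM` added to the condition, an EPERM failure from the sizing `sysctl()` skips `goto fail` as well as the warning, so execution continues as if the call had succeeded and `len` keeps whatever value it held before the call. The second hunk has the same shape: after a failed fetch with EPERM, the contents of `p` would be treated as valid process data. If the intent is only to silence the message, keep the failure path and gate just the warning: `if (error < 0) { if (errno != EPERM) warn("sysctl(kern.proc)"); goto fail; }`. If EPERM is instead meant to produce an empty result, that should be set explicitly (zero count) rather than reached by falling through. The body of procstat_getprocs starts and ends outside these hunks, so the initial value of `len` and what the `fail` label returns are not visible here.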
@@ -205,7 +205,7 @@ procstat_getprocs(struct procstat *procs
 			goto fail;
 		}
 		error = sysctl(name, 4, p, &len, NULL, 0);
-		if (error < 0) {
+		if (error < 0 && errno != EPERM) {
 			warn("sysctl(kern.proc)");
 			goto fail;
 		}


