Date: Tue, 8 May 2001 00:19:45 -0700
From: Kris Kennaway
To: audit@FreeBSD.org
Subject: fstat patches
Message-ID: <20010508001945.A86617@xor.obsecurity.org>

These are taken from OpenBSD. Please review: I don't know if the setegid() changes actually serve a purpose... can anyone explain it to me?

Kris

Index: fstat.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/usr.bin/fstat/fstat.c,v retrieving revision 1.29 diff -u -r1.29 fstat.c --- fstat.c 2001/05/01 08:46:00 1.29 +++ fstat.c 2001/05/08 07:16:33 
@@ -231,11 +231,17 @@ * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - if (nlistf !=3D NULL || memf !=3D NULL) + if (nlistf !=3D NULL || memf !=3D NULL) { + setegid(getgid()); setgid(getgid()); + } =20 if ((kd =3D kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) =3D=3D NULL) errx(1, "%s", buf); + + setegid(getgid()); + setgid(getgid()); + #ifdef notdef if (kvm_nlist(kd, nl) !=3D 0) errx(1, "no namelist: %s", kvm_geterr(kd)); @@ -479,7 +485,7 @@ break; =09 default: { - static char unknown[10]; + static char unknown[20]; sprintf(badtype =3D unknown, "?(%x)", vn.v_tag); break;; } @@ -697,7 +703,7 @@ struct inpcb inpcb; struct unpcb unpcb; int len; - char dname[32], *strcpy(); + char dname[32]; =20 PREFIX(i); =20 @@ -722,7 +728,7 @@ } =20 if ((len =3D kvm_read(kd, (u_long)dom.dom_name, dname, - sizeof(dname) - 1)) < 0) { + sizeof(dname) - 1)) !=3D sizeof(dname) -1) { dprintf(stderr, "can't read domain name at %p\n", (void *)dom.dom_name); dname[0] =3D '\0';
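Review bot: In the @@ -231,11 +231,17 @@ hunk, the return values of the added setegid(getgid()) and setgid(getgid()) calls are ignored, both inside the "if (nlistf != NULL || memf != NULL)" block and after kvm_openfiles(). If either call fails, fstat carries on with the setgid privilege that the comment above says must be discarded, so each call should be checked and the program should exit with err() on failure. The existing comment only covers the non-running-kernel case; the new unconditional drop after kvm_openfiles() needs its own comment saying that the privilege is no longer required once kd is open, and explaining why setegid() is called before setgid(), since that ordering is not obvious from the code.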
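Review bot: In the @@ -479,7 +485,7 @@ hunk, growing "unknown" from 10 to 20 bytes leaves the unbounded sprintf() on the next line in place, so the write still depends on the buffer size and the width of vn.v_tag staying in step. Use snprintf(unknown, sizeof(unknown), "?(%x)", vn.v_tag) so the bound is enforced at the call rather than by the declaration. While this block is being touched, the stray second semicolon in "break;;" in the context line can go as well.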
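Review bot: In the @@ -697,7 +703,7 @@ hunk, dropping the local "*strcpy()" declaration from the dname line is only safe if the file already includes <string.h>, which the hunk does not show. Confirm the include is present (or add it in the same change) so that any remaining strcpy() use in this function still has a prototype in scope.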
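Review bot: In the @@ -722,7 +728,7 @@ hunk, the new test compares the int "len" against "sizeof(dname) - 1", which is a size_t, so the comparison relies on an implicit signed-to-unsigned conversion of a possibly negative kvm_read() result. It gives the intended answer here, but it will draw sign-compare warnings and is easy to break later; cast the right-hand side to the type of len or keep the length in a named variable of a matching type. The spacing "sizeof(dname) -1" also differs from "sizeof(dname) - 1" on the line above. Since a short read is now treated as a failure, check that the success path outside this hunk terminates dname at index sizeof(dname) - 1.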