Date:      Tue, 8 May 2001 00:19:45 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        audit@FreeBSD.org
Subject:   fstat patches
Message-ID:  <20010508001945.A86617@xor.obsecurity.org>


--WIyZ46R2i8wDzkSu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

These are taken from OpenBSD.  Please review: I don't know whether the
setegid() changes actually serve a purpose on FreeBSD -- can anyone
explain them to me?

Kris

Index: fstat.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /mnt/ncvs/src/usr.bin/fstat/fstat.c,v
retrieving revision 1.29
diff -u -r1.29 fstat.c
--- fstat.c	2001/05/01 08:46:00	1.29
+++ fstat.c	2001/05/08 07:16:33
@@ -231,11 +231,17 @@
 	 * Discard setgid privileges if not the running kernel so that bad
 	 * guys can't print interesting stuff from kernel memory.
 	 */
-	if (nlistf !=3D NULL || memf !=3D NULL)
+	if (nlistf !=3D NULL || memf !=3D NULL) {
+		setegid(getgid());
 		setgid(getgid());
+	}
=20
 	if ((kd =3D kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) =3D=3D NULL)
 		errx(1, "%s", buf);
+
+	setegid(getgid());
+	setgid(getgid());
+
 #ifdef notdef
 	if (kvm_nlist(kd, nl) !=3D 0)
 		errx(1, "no namelist: %s", kvm_geterr(kd));
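Review bot: Both added setegid()/setgid() pairs discard their return values, so a failed drop would leave the process running with the kmem group and carry on reading kernel memory; check them and abort, e.g. `if (setegid(getgid()) == -1 || setgid(getgid()) == -1) err(1, "setgid");`. Whether the pair also clears the saved set-group-id depends on the kernel's setgid() semantics for a non-root caller: if the saved gid were left as kmem, a later setegid() could regain it, which is presumably what the OpenBSD ordering (effective first, then setgid) is meant to cover — confirm against FreeBSD's setgid(2) rather than assume the extra call is needed. The second drop after kvm_openfiles() is the one that matters in the default running-kernel case, so a comment there would make the intent clear: `/* kmem access is only needed for kvm_openfiles(); drop it before parsing anything. */`. The enclosing function begins before this hunk.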
@@ -479,7 +485,7 @@
 			break;
 		=09
 		default: {
-			static char unknown[10];
+			static char unknown[20];
 			sprintf(badtype =3D unknown, "?(%x)", vn.v_tag);
 			break;;
 		}
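Review bot: The widened `unknown[20]` is still a hand-computed bound for an unbounded sprintf(); `?(%x)` with a 32-bit v_tag needs at most 12 bytes, so 20 suffices, but tying the write to the buffer removes the arithmetic from future review: `snprintf(badtype = unknown, sizeof(unknown), "?(%x)", vn.v_tag);`. The `break;;` on the following line is harmless but reads as a typo. The enclosing switch and function begin outside this hunk.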
@@ -697,7 +703,7 @@
 	struct inpcb	inpcb;
 	struct unpcb	unpcb;
 	int len;
-	char dname[32], *strcpy();
+	char dname[32];
=20
 	PREFIX(i);
=20
@@ -722,7 +728,7 @@
 	}
=20
 	if ((len =3D kvm_read(kd, (u_long)dom.dom_name, dname,
-	    sizeof(dname) - 1)) < 0) {
+	    sizeof(dname) - 1)) !=3D sizeof(dname) -1) {
 		dprintf(stderr, "can't read domain name at %p\n",
 		    (void *)dom.dom_name);
 		dname[0] =3D '\0';
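Review bot: The new `!= sizeof(dname) - 1` test turns a short read from kvm_read() into an error rather than silently accepting fewer bytes, which is the right direction, but the success path must still NUL-terminate `dname`: kvm_read() copies raw kernel bytes and dom_name may be longer than 31 characters, so unless the code after this hunk already does so, add `dname[sizeof(dname) - 1] = '\0';` after the if block. Since `len` now only carries the byte count for the check, the diagnostic could also say whether the read failed or was short. The function containing this hunk starts and ends outside it.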

--WIyZ46R2i8wDzkSu
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6954QWry0BWjoQKURAsnRAJoCfTy2j6RqQPWkf12ex8TANtTmKwCeMm31
kLEReyjFUAKFIvxXdFatMRs=
=kSJz
-----END PGP SIGNATURE-----

--WIyZ46R2i8wDzkSu--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message



