From: "Rodney W. Grimes"
Message-Id: <201806041513.w54FDMZn096288@pdx.rh.CN85.dnsmgr.net>
Subject: Re: svn commit: r334543 - head/usr.bin/top
To: Don Lewis
Date: Mon, 4 Jun 2018 08:13:22 -0700 (PDT)
CC: rgrimes@FreeBSD.org, Eitan Adler, src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org
Reply-To: rgrimes@FreeBSD.org

> On 2 Jun, Rodney W. Grimes wrote:
> >> Author: eadler
> >> Date: Sat Jun 2 22:06:27 2018
> >> New Revision: 334543
> >> URL: https://svnweb.freebsd.org/changeset/base/334543
> >>
> >> Log:
> >> top(1): chdir to / as init; remove unneeded comment
> >>
> >> - chdir to / to allow unmounting of wd
> >> - remove warning about running top(1) as setuid. If this is a concern we
> >> should just drop privs instead.
> >>
> >> Modified:
> >> head/usr.bin/top/machine.c
> >> head/usr.bin/top/top.c
> >>
> >> Modified: head/usr.bin/top/machine.c > >> ============================================================================== > >> --- head/usr.bin/top/machine.c Sat Jun 2 21:50:00 2018 (r334542) > >> +++ head/usr.bin/top/machine.c Sat Jun 2 22:06:27 2018 (r334543) 
> >> @@ -1613,11 +1613,6 @@ compare_ivcsw(const void *arg1, const void *arg2) > >> /* > >> * proc_owner(pid) - returns the uid that owns process "pid", or -1 if > >> * the process does not exist. > >> - * It is EXTREMELY IMPORTANT that this function work correctly. > >> - * If top runs setuid root (as in SVR4), then this function > >> - * is the only thing that stands in the way of a serious > >> - * security problem. It validates requests for the "kill" > >> - * and "renice" commands. > >> */ > >> > >> int > >> > >> Modified: head/usr.bin/top/top.c > >> ============================================================================== > >> --- head/usr.bin/top/top.c Sat Jun 2 21:50:00 2018 (r334542) > >> +++ head/usr.bin/top/top.c Sat Jun 2 22:06:27 2018 (r334543) 
> >> @@ -260,6 +260,15 @@ main(int argc, char *argv[]) > >> #define CMD_order 26 > >> #define CMD_pid 27 > >> > >> + /* > >> + * Since top(1) is often long running and > >> + * doesn't typically care about where its running from > >> + * chdir to the root to allow unmounting of its > >> + * originall wd. Failure is alright as this is > >> + * just a courtesy for users. > >> + */ > >> + chdir("/"); > >> +
> >
> > Bad side effect of doing that is it is not hard to get a "core"
> > from top when run as a user, as it is going to try to write
> > to /, and it probably does not have permission for that.
> >
> > Better might be a cd to /tmp, or /var/tmp, which are usually
> > hard to unmount for these reasons anyway.
>
> Unless you start top using the exec shell builtin, the shell that you
> use to launch top will also be long running and will also prevent its
> $cwd from being unmounted.

That's a good point, so that makes the chdir worthless.

> If you do use exec, then you will get logged out when you kill top ... :-(.

The long-standing (30 years) solution is to use lsof and find the
processes that have cwd's in whatever it is you want to unmount.
Special casing top(1) is just a non-solution to the cannot unmount
foo problem.

-- 
Rod Grimes rgrimes@freebsd.org
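
Review bot: In the machine.c hunk (@@ -1613,11 +1613,6 @@), the five removed comment lines were the only place stating that proc_owner() validates requests for the "kill" and "renice" commands, and the log's "we should just drop privs instead" is not backed by any privilege-dropping code in this diff. Either keep a one-line note on proc_owner() saying that it gates kill and renice, or land the privilege drop in the same change, so the security assumption stays recorded somewhere.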
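
Review bot: In the top.c hunk (@@ -260,6 +260,15 @@), the added `chdir("/");` discards its return value silently; since the comment says failure is acceptable, write it as `(void)chdir("/");` so the intent is explicit and unused-result warnings stay quiet. The comment should also say that the change moves the process's working directory, which is where a core file would be written, to a directory an unprivileged user normally cannot write to. The comment text itself has two typos: "its running" should be "it's running" and "originall" should be "original".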