From owner-freebsd-bugs Fri Feb 23 23:30: 7 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 5DA3F37B684 for ; Fri, 23 Feb 2001 23:30:01 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f1O7U1N60034; Fri, 23 Feb 2001 23:30:01 -0800 (PST) (envelope-from gnats)
Received: from zebu.riken.go.jp (zebu.riken.go.jp [134.160.20.73]) by hub.freebsd.org (Postfix) with SMTP id 30B4B37B4EC for ; Fri, 23 Feb 2001 23:25:40 -0800 (PST) (envelope-from mitsuru@zebu.riken.go.jp)
Received: (qmail 75002 invoked by uid 123); 24 Feb 2001 07:25:56 -0000
Message-Id: <20010224072556.75001.qmail@zebu.riken.go.jp>
Date: 24 Feb 2001 07:25:56 -0000
From: mitsuru@riken.go.jp
Reply-To: mitsuru@riken.go.jp
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/25337: dmesg -a
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 25337
>Category: bin
>Synopsis: dmesg -a should be restricted
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 23 23:30:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Mitsuru Yoshida
>Release: FreeBSD 4.2-STABLE i386
>Organization: RIKEN
>Environment: FreeBSD 4.2-STABLE i386
>Description:
Using dmesg -a, any user can get all data in the message buffer, and it may cause a security problem. In particular, all messages written to the console during single-user mode are stored in the message buffer, and any user can get them later. The use of the -a option should be restricted to the root user.
>How-To-Repeat:
dmesg -a
>Fix:
--- dmesg.c.dist Wed Feb 21 10:00:26 2001 +++ dmesg.c Wed Feb 21 10:02:11 2001 
@@ -56,6 +56,7 @@ #include #include #include +#include struct nlist nl[] = { #define X_MSGBUF 0 @@ -87,6 +88,10 @@ while ((ch = getopt(argc, argv, "aM:N:")) != -1) switch(ch) { case 'a': + if (getuid() != (uid_t)0) { + fprintf(stderr,"dmesg: must be root to get all data in the message buffer\n"); + exit(1); + } all++; break; case 'M':
>Release-Note:
>Audit-Trail:
>Unformatted:
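
Review bot: In the second hunk the root check sits inside the getopt loop at case 'a', so it fires before -M and -N are parsed and refuses dmesg -a to a non-root user even when they name their own core file and kernel image; moving the test after option parsing and applying it only when neither -M nor -N was given would restrict just the live message buffer. Testing getuid() rather than the effective uid is the right choice if the binary runs with extra privileges, but the check only governs this program's -a flag, so whatever access lets an unprivileged user's dmesg read the buffer is unchanged for any other reader. The fprintf/exit pair could be a single errx(1, ...) call from <err.h>, which also shortens the over-long line, and since the patch touches only dmesg.c the dmesg(8) manual page still needs the restriction documented.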