kern/127048: systat(1) information leak when security.bsd.see_other_uids=0

Robert Faulds frf at faulds.net
Mon Apr 14 13:51:29 UTC 2014


This was fixed many years ago.
Dunno why the bug is still open. I had completely forgotten about it.


Robert

On 4/13/14, 10:43 PM, jilles at FreeBSD.org wrote:
> Synopsis: systat(1) information leak when security.bsd.see_other_uids=0
>
> State-Changed-From-To: open->feedback
> State-Changed-By: jilles
> State-Changed-When: Sun Apr 13 20:41:07 UTC 2014
> State-Changed-Why:
> I tested this on stable/9 and head (11.0) and it appears to work properly.
>
> Either this was fixed since 7.0 or there is something special about
> your environment.
>
> Make sure that /usr/bin/systat does not have setuid/setgid bits set;
> if so, it will read from kernel memory and ignore
> security.bsd.see_other_uids.
>
> Can you provide more information?
>
>
> Responsible-Changed-From-To: freebsd-bugs->jilles
> Responsible-Changed-By: jilles
> Responsible-Changed-When: Sun Apr 13 20:41:07 UTC 2014
> Responsible-Changed-Why:
> Track replies.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=127048
>
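
The two things the reply above asks the reporter to verify, as an added example that is not part of the original thread: whether the binary carries setuid/setgid bits, and what the sysctl is currently set to. The function names `check_priv_bits` and `report_see_other_uids` are hypothetical; the path and sysctl name are the ones quoted in the message.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the PR.

# Report each path that carries a setuid or setgid bit.
# Returns 1 if any such file was found, 0 otherwise.
check_priv_bits() {
    found=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "missing: $f"
            continue
        fi
        bits=""
        if [ -u "$f" ]; then bits="setuid"; fi
        if [ -g "$f" ]; then bits="${bits:+$bits,}setgid"; fi
        if [ -n "$bits" ]; then
            echo "PRIVILEGED ($bits): $f"
            found=1
        else
            echo "ok: $f"
        fi
    done
    return "$found"
}

# Print the policy knob named in the PR; the sysctl exists only on FreeBSD.
report_see_other_uids() {
    if val=$(sysctl -n security.bsd.see_other_uids 2>/dev/null); then
        echo "security.bsd.see_other_uids=$val"
    else
        echo "security.bsd.see_other_uids: not available on this system"
    fi
}

# Check the binary named in the thread, then show the sysctl value.
check_priv_bits /usr/bin/systat || echo "review: setuid/setgid bits are set"
report_see_other_uids
```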

