svn commit: r195883 - projects/libprocstat/usr.bin/fstat
Stanislav Sedov
stas at FreeBSD.org
Sun Jul 26 07:48:22 UTC 2009
Author: stas
Date: Sun Jul 26 07:48:22 2009
New Revision: 195883
URL: http://svn.freebsd.org/changeset/base/195883
Log:
- Install with setgid mode (required for sysctl access).
- Discard setgid privileges after file list retrieval.
Modified:
projects/libprocstat/usr.bin/fstat/Makefile
projects/libprocstat/usr.bin/fstat/fstat.c
projects/libprocstat/usr.bin/fstat/fuser.c
Modified: projects/libprocstat/usr.bin/fstat/Makefile
==============================================================================
--- projects/libprocstat/usr.bin/fstat/Makefile Sun Jul 26 06:38:56 2009 (r195882)
+++ projects/libprocstat/usr.bin/fstat/Makefile Sun Jul 26 07:48:22 2009 (r195883)
@@ -8,6 +8,8 @@ SRCS= cd9660.c common_kvm.c fstat.c fuse
LINKS= ${BINDIR}/fstat ${BINDIR}/fuser
DPADD= ${LIBKVM}
LDADD= -lkvm -lutil
+BINGRP= kmem
+BINMODE=2555
WARNS?= 6
MAN1= fuser.1 fstat.1
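Review bot: The new `BINGRP= kmem` / `BINMODE=2555` lines install a setgid binary without saying why or where the privilege is given up. A short comment above them would help the next maintainer, for example `# setgid kmem for libprocstat access; dropped in do_fstat() and do_fuser()`. The commit log gives "sysctl access" as the reason, so the exact wording should be confirmed against what libprocstat actually needs.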
Modified: projects/libprocstat/usr.bin/fstat/fstat.c
==============================================================================
--- projects/libprocstat/usr.bin/fstat/fstat.c Sun Jul 26 06:38:56 2009 (r195882)
+++ projects/libprocstat/usr.bin/fstat/fstat.c Sun Jul 26 07:48:22 2009 (r195883)
@@ -165,12 +165,19 @@ do_fstat(int argc, char **argv)
checkfile = 1;
}
+ /*
+ * Discard setgid privileges if not the running kernel so that bad
+ * guys can't print interesting stuff from kernel memory.
+ */
+ if (nlistf != NULL || memf != NULL)
+ setgid(getgid());
procstat = procstat_open(nlistf, memf);
if (procstat == NULL)
errx(1, "procstat_open()");
p = procstat_getprocs(procstat, what, arg, &cnt);
if (p == NULL)
errx(1, "procstat_getprocs()");
+ setgid(getgid());
/*
* Print header.
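Review bot: Both added `setgid(getgid())` calls in do_fstat() ignore the return value, so a failed drop leaves the process running with the kmem group it was installed with, and nothing reports it. Check the result and exit on failure, e.g. `if (setgid(getgid()) != 0) err(1, "setgid");`, at the conditional call before procstat_open() and at the unconditional call after procstat_getprocs(). The last do_fuser() hunk in fuser.c adds the same two unchecked calls and needs the same change. do_fstat() begins and ends outside this hunk.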
Modified: projects/libprocstat/usr.bin/fstat/fuser.c
==============================================================================
--- projects/libprocstat/usr.bin/fstat/fuser.c Sun Jul 26 06:38:56 2009 (r195882)
+++ projects/libprocstat/usr.bin/fstat/fuser.c Sun Jul 26 07:48:22 2009 (r195883)
@@ -168,11 +168,11 @@ do_fuser(int argc, char *argv[])
struct reqfile *reqfiles;
int ch, cnt, sig;
unsigned int i, nfiles;
- char *ep, *kernimg, *mcore;
+ char *ep, *nlistf, *memf;
sig = SIGKILL; /* Default to kill. */
- kernimg = NULL;
- mcore = NULL;
+ nlistf = NULL;
+ memf = NULL;
while ((ch = getopt(argc, argv, "M:N:cfhkms:u")) != -1)
switch(ch) {
case 'f':
@@ -186,10 +186,10 @@ do_fuser(int argc, char *argv[])
flags |= CFLAG;
break;
case 'N':
- kernimg = optarg;
+ nlistf = optarg;
break;
case 'M':
- mcore = optarg;
+ memf = optarg;
break;
case 'u':
flags |= UFLAG;
@@ -240,12 +240,19 @@ do_fuser(int argc, char *argv[])
if (nfiles == 0)
errx(EX_IOERR, "files not accessible");
- procstat = procstat_open(kernimg, mcore);
+ /*
+ * Discard setgid privileges if not the running kernel so that bad
+ * guys can't print interesting stuff from kernel memory.
+ */
+ if (nlistf != NULL || memf != NULL)
+ setgid(getgid());
+ procstat = procstat_open(nlistf, memf);
if (procstat == NULL)
errx(1, "procstat_open()");
p = procstat_getprocs(procstat, KERN_PROC_PROC, 0, &cnt);
if (p == NULL)
errx(1, "procstat_getprocs()");
+ setgid(getgid());
/*
* Walk through process table and look for matching files.
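Review bot: The conditional drop for -M/-N is placed after the `nfiles == 0` check, so the code that builds the request-file list from the command-line arguments appears to run with the kmem effective group even when a core or namelist file is given. That code is outside this hunk, so this is inferred from the ordering only. If it touches the named paths, move the `if (nlistf != NULL || memf != NULL) setgid(getgid());` block to directly after the getopt() loop, so user-supplied paths are never handled with the elevated group. do_fuser() continues past the end of this hunk.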