svn commit: r195994 - projects/libprocstat/usr.bin/fstat
Stanislav Sedov
stas at FreeBSD.org
Fri Jul 31 12:52:33 UTC 2009
Author: stas
Date: Fri Jul 31 12:52:32 2009
New Revision: 195994
URL: http://svn.freebsd.org/changeset/base/195994
Log:
- Do not install fstat/fuser with increased privileges. In the discussion
with rwatson it was decided that we might not want to expose much detail
about process the user has no relation to.
- Do not emit warning in case of insufficient permissions to access the
process file descriptors data.
Modified:
projects/libprocstat/usr.bin/fstat/Makefile
projects/libprocstat/usr.bin/fstat/fstat.c
projects/libprocstat/usr.bin/fstat/fuser.c
projects/libprocstat/usr.bin/fstat/libprocstat.c
Modified: projects/libprocstat/usr.bin/fstat/Makefile
==============================================================================
--- projects/libprocstat/usr.bin/fstat/Makefile Fri Jul 31 12:43:01 2009 (r195993)
+++ projects/libprocstat/usr.bin/fstat/Makefile Fri Jul 31 12:52:32 2009 (r195994)
@@ -9,8 +9,6 @@ SRCS= cd9660.c common_kvm.c fstat.c fuse
LINKS= ${BINDIR}/fstat ${BINDIR}/fuser
DPADD= ${LIBKVM}
LDADD= -lkvm -lutil
-BINGRP= kmem
-BINMODE=2555
WARNS?= 6
MAN1= fuser.1 fstat.1
Modified: projects/libprocstat/usr.bin/fstat/fstat.c
==============================================================================
--- projects/libprocstat/usr.bin/fstat/fstat.c Fri Jul 31 12:43:01 2009 (r195993)
+++ projects/libprocstat/usr.bin/fstat/fstat.c Fri Jul 31 12:52:32 2009 (r195994)
@@ -165,19 +165,12 @@ do_fstat(int argc, char **argv)
checkfile = 1;
}
- /*
- * Discard setgid privileges if not the running kernel so that bad
- * guys can't print interesting stuff from kernel memory.
- */
- if (nlistf != NULL || memf != NULL)
- setgid(getgid());
procstat = procstat_open(nlistf, memf);
if (procstat == NULL)
errx(1, "procstat_open()");
p = procstat_getprocs(procstat, what, arg, &cnt);
if (p == NULL)
errx(1, "procstat_getprocs()");
- setgid(getgid());
/*
* Print header.
Modified: projects/libprocstat/usr.bin/fstat/fuser.c
==============================================================================
--- projects/libprocstat/usr.bin/fstat/fuser.c Fri Jul 31 12:43:01 2009 (r195993)
+++ projects/libprocstat/usr.bin/fstat/fuser.c Fri Jul 31 12:52:32 2009 (r195994)
@@ -239,19 +239,12 @@ do_fuser(int argc, char *argv[])
if (nfiles == 0)
errx(EX_IOERR, "files not accessible");
- /*
- * Discard setgid privileges if not the running kernel so that bad
- * guys can't print interesting stuff from kernel memory.
- */
- if (nlistf != NULL || memf != NULL)
- setgid(getgid());
procstat = procstat_open(nlistf, memf);
if (procstat == NULL)
errx(1, "procstat_open()");
p = procstat_getprocs(procstat, KERN_PROC_PROC, 0, &cnt);
if (p == NULL)
errx(1, "procstat_getprocs()");
- setgid(getgid());
/*
* Walk through process table and look for matching files.
Modified: projects/libprocstat/usr.bin/fstat/libprocstat.c
==============================================================================
--- projects/libprocstat/usr.bin/fstat/libprocstat.c Fri Jul 31 12:43:01 2009 (r195993)
+++ projects/libprocstat/usr.bin/fstat/libprocstat.c Fri Jul 31 12:52:32 2009 (r195994)
@@ -191,7 +191,7 @@ procstat_getprocs(struct procstat *procs
name[2] = what;
name[3] = arg;
error = sysctl(name, 4, NULL, &len, NULL, 0);
- if (error < 0) {
+ if (error < 0 && errno != EPERM) {
warn("sysctl(kern.proc)");
goto fail;
}
@@ -205,7 +205,7 @@ procstat_getprocs(struct procstat *procs
goto fail;
}
error = sysctl(name, 4, p, &len, NULL, 0);
- if (error < 0) {
+ if (error < 0 && errno != EPERM) {
warn("sysctl(kern.proc)");
goto fail;
}
More information about the svn-src-projects
mailing list