diff options
| author |   deraadt <deraadt@openbsd.org> | 1996-05-30 09:10:46 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 1996-05-30 09:10:46 +0000 |
| commit | a0277a945957d55e25e204c80ae16571ae1a6026 (patch) | |
| tree | dce470b9cf76f0ef1e15f7d02651811b45c46313 | |
| parent | optimize something like "finger @@@@@@@@@@@@@cvs@@@@@@cvs@@@@@@cvs' to hit (diff) | |
| download | wireguard-openbsd-a0277a945957d55e25e204c80ae16571ae1a6026.tar.xz wireguard-openbsd-a0277a945957d55e25e204c80ae16571ae1a6026.zip | |
revoke privs before opening kvm if user has specified mem/kernel paths
| -rw-r--r-- | sbin/ccdconfig/ccdconfig.c | 9 | ||||
| -rw-r--r-- | usr.bin/ipcs/ipcs.c | 6 | ||||
| -rw-r--r-- | usr.bin/w/w.c | 7 | ||||
| -rw-r--r-- | usr.sbin/slstats/slstats.c | 11 | ||||
| -rw-r--r-- | usr.sbin/trpt/trpt.c | 9 | ||||
| -rw-r--r-- | usr.sbin/trsp/trsp.c | 8 |
6 files changed, 45 insertions, 5 deletions
diff --git a/sbin/ccdconfig/ccdconfig.c b/sbin/ccdconfig/ccdconfig.c index 1fbc6b79150..a1d4eca88fa 100644 --- a/sbin/ccdconfig/ccdconfig.c +++ b/sbin/ccdconfig/ccdconfig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ccdconfig.c,v 1.4 1996/05/22 11:34:48 deraadt Exp $ */ +/* $OpenBSD: ccdconfig.c,v 1.5 1996/05/30 09:11:20 deraadt Exp $ */ /* $NetBSD: ccdconfig.c,v 1.6 1996/05/16 07:11:18 thorpej Exp $ */ /*- @@ -164,6 +164,13 @@ main(argc, argv) if (options > 1) usage(); + /* + * Discard setgid privileges if not the running kernel so that bad + * guys can't print interesting stuff from kernel memory. + */ + if (core != NULL || kernel != NULL) + setgid(getgid()); + switch (action) { case CCD_CONFIG: case CCD_UNCONFIG: diff --git a/usr.bin/ipcs/ipcs.c b/usr.bin/ipcs/ipcs.c index 38855e85e60..081eb086cd4 100644 --- a/usr.bin/ipcs/ipcs.c +++ b/usr.bin/ipcs/ipcs.c @@ -181,6 +181,12 @@ main(argc, argv) default: usage(); } + /* + * Discard setgid privileges if not the running kernel so that bad + * guys can't print interesting stuff from kernel memory. + */ + if (namelist != NULL || core != NULL) + setgid(getgid()); if ((kd = kvm_open(namelist, core, NULL, O_RDONLY, "ipcs")) == NULL) exit(1); diff --git a/usr.bin/w/w.c b/usr.bin/w/w.c index 1eee27dde0b..f7deb59f1f7 100644 --- a/usr.bin/w/w.c +++ b/usr.bin/w/w.c @@ -166,6 +166,13 @@ main(argc, argv) argc -= optind; argv += optind; + /* + * Discard setgid privileges if not the running kernel so that bad + * guys can't print interesting stuff from kernel memory. + */ + if (nlistf != NULL || memf != NULL) + setgid(getgid()); + if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf)) == NULL) errx(1, "%s", errbuf); diff --git a/usr.sbin/slstats/slstats.c b/usr.sbin/slstats/slstats.c index fbd75c57254..d8efda4ffb3 100644 --- a/usr.sbin/slstats/slstats.c +++ b/usr.sbin/slstats/slstats.c @@ -23,8 +23,8 @@ #ifndef lint /*static char rcsid[] = - "@(#) $Header: /home/cvs/src/usr.sbin/slstats/Attic/slstats.c,v 1.1.1.1 1995/10/18 08:48:21 deraadt Exp $ (LBL)";*/ -static char rcsid[] = "$Id: slstats.c,v 1.1.1.1 1995/10/18 08:48:21 deraadt Exp $"; + "@(#) $Header: /home/cvs/src/usr.sbin/slstats/Attic/slstats.c,v 1.2 1996/05/30 09:11:17 deraadt Exp $ (LBL)";*/ +static char rcsid[] = "$Id: slstats.c,v 1.2 1996/05/30 09:11:17 deraadt Exp $"; #endif #include <stdio.h> @@ -104,6 +104,13 @@ main(argc, argv) kflag++; } } + /* + * Discard setgid privileges if not the running kernel so that bad + * guys can't print interesting stuff from kernel memory. + */ + if (system != _PATH_UNIX || kmemf != _PATH_KMEM) + setgid(getgid()); + if (kopen(system, kmemf, "slstats") < 0) exit(1); if (knlist(system, nl, "slstats") < 0) diff --git a/usr.sbin/trpt/trpt.c b/usr.sbin/trpt/trpt.c index e9f62d8e8fc..667f1aa4479 100644 --- a/usr.sbin/trpt/trpt.c +++ b/usr.sbin/trpt/trpt.c @@ -39,7 +39,7 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)trpt.c 5.14 (Berkeley) 7/1/91";*/ -static char rcsid[] = "$Id: trpt.c,v 1.1.1.1 1995/10/18 08:48:29 deraadt Exp $"; +static char rcsid[] = "$Id: trpt.c,v 1.2 1996/05/30 09:11:11 deraadt Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -163,6 +163,13 @@ main(argc, argv) else system = _PATH_UNIX; + /* + * Discard setgid priviledges if not the running kernel so that bad + * guys can't print interesting stuff from kernel memory. + */ + if (core != _PATH_KMEM || system != _PATH_UNIX) + setgid(getgid()); + if (nlist(system, nl) < 0 || !nl[0].n_value) { fprintf(stderr, "trpt: %s: no namelist\n", system); exit(1); diff --git a/usr.sbin/trsp/trsp.c b/usr.sbin/trsp/trsp.c index 5212ee0eeaf..43995c3532c 100644 --- a/usr.sbin/trsp/trsp.c +++ b/usr.sbin/trsp/trsp.c @@ -39,7 +39,7 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)trsp.c 6.8 (Berkeley) 3/2/91";*/ -static char rcsid[] = "$Id: trsp.c,v 1.1.1.1 1995/10/18 08:48:30 deraadt Exp $"; +static char rcsid[] = "$Id: trsp.c,v 1.2 1996/05/30 09:10:46 deraadt Exp $"; #endif /* not lint */ #include <sys/cdefs.h> @@ -145,6 +145,12 @@ again: argc--, argv++; mask++; } + /* + * Discard setgid privileges if not the running kernel so that bad + * guys can't print interesting stuff from kernel memory. + */ + if (system != _PATH_UNIX || core != _PATH_KMEM) + setgid(getgid()); (void) nlist(system, nl); if (nl[0].n_value == 0) { fprintf(stderr, "trsp: %s: no namelist\n", system); |