the kvm database only needs to be readable by kmem group. make it so.

1 files changed, 15 insertions, 6 deletions

diff --git a/usr.sbin/kvm_mkdb/kvm_mkdb.c b/usr.sbin/kvm_mkdb/kvm_mkdb.c
index cfd043af797..6223ae6d2d1 100644
--- a/usr.sbin/kvm_mkdb/kvm_mkdb.c
+++ b/usr.sbin/kvm_mkdb/kvm_mkdb.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kvm_mkdb.c,v 1.18 2014/07/20 01:38:40 guenther Exp $	*/
+/*	$OpenBSD: kvm_mkdb.c,v 1.19 2014/12/23 03:29:52 tedu Exp $	*/
 
 /*-
  * Copyright (c) 1990, 1993
@@ -31,6 +31,9 @@
 
 #include <sys/param.h>
 #include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
 
 #include <db.h>
 #include <err.h>
@@ -42,10 +45,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/resource.h>
+#include <grp.h>
 
 #include "extern.h"
 
@@ -131,6 +131,7 @@ kvm_mkdb(int fd, const char *dbdir, char *nlistpath, char *nlistname,
 	DB *db;
 	char dbtemp[MAXPATHLEN], dbname[MAXPATHLEN];
 	int r;
+	struct group *gr;
 
 	r = snprintf(dbtemp, sizeof(dbtemp), "%skvm_%s.tmp",
 	    dbdir, nlistname);
@@ -155,7 +156,7 @@ kvm_mkdb(int fd, const char *dbdir, char *nlistpath, char *nlistname,
 
 	(void)umask(0);
 	db = dbopen(dbtemp, O_CREAT | O_EXLOCK | O_TRUNC | O_RDWR,
-	    S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH, DB_HASH, &openinfo);
+	    S_IRUSR | S_IWUSR | S_IRGRP, DB_HASH, &openinfo);
 	if (db == NULL) {
 		warn("can't dbopen %s", dbtemp);
 		return(1);
@@ -170,6 +171,14 @@ kvm_mkdb(int fd, const char *dbdir, char *nlistpath, char *nlistname,
 		(void)unlink(dbtemp);
 		return(1);
 	}
+
+	if ((gr = getgrnam("kmem")) == NULL) {
+		warn("can't find kmem group");
+	} else if (chown(dbtemp, -1, gr->gr_gid)) {
+		warn("can't chown %s", dbtemp);
+		(void)unlink(dbtemp);
+		return(1);
+	}
 	if (rename(dbtemp, dbname)) {
 		warn("rename %s to %s", dbtemp, dbname);
 		(void)unlink(dbtemp);