From owner-freebsd-security Sun Aug 10 15:27:25 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id PAA19804 for security-outgoing; Sun, 10 Aug 1997 15:27:25 -0700 (PDT) Received: from netrail.net (netrail.net [205.215.10.3]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA19798 for ; Sun, 10 Aug 1997 15:27:21 -0700 (PDT) Received: from localhost (jonz@localhost) by netrail.net (8.8.6/8.8.6) with SMTP id SAA05719; Sun, 10 Aug 1997 18:26:15 GMT Date: Sun, 10 Aug 1997 18:26:15 +0000 (GMT) From: "Jonathan A. Zdziarski" To: Brian Mitchell cc: freebsd-security@FreeBSD.ORG Subject: Re: procfs patch In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Uh..how does one apply this patch. It asks 'which file to patch' etc... I'm just typing 'patch < filename' ------------------------------------------------------------------------- Jonathan A. Zdziarski NetRail Incorporated Server Engineering Manager 230 Peachtree St. Suite 500 jonz@netrail.net Atlanta, GA 30303 http://www.netrail.net (888) - NETRAIL ------------------------------------------------------------------------- On Sun, 10 Aug 1997, Brian Mitchell wrote: :Enclosed is a patch that seems to work ok on my system. Extensive testing :has not been done. There's probably a much better way to do this. : :diff -c procfs_old/procfs_ctl.c procfs/procfs_ctl.c :*** procfs_old/procfs_ctl.c Sun Aug 10 15:05:48 1997 :--- procfs/procfs_ctl.c Sun Aug 10 16:37:59 1997 :*************** :*** 121,126 **** :--- 121,129 ---- : { : int error; : :+ /* if we have trace flag set, fail */ :+ if(p->p_flag & P_SUGID) :+ return (EPERM); : /* : * Attach - attaches the target process for debugging : * by the calling process. :diff -c procfs_old/procfs_fpregs.c procfs/procfs_fpregs.c :*** procfs_old/procfs_fpregs.c Sun Aug 10 15:05:47 1997 :--- procfs/procfs_fpregs.c Sun Aug 10 16:38:14 1997 :*************** :*** 62,67 **** :--- 62,69 ---- : char *kv; : int kl; : :+ if(p->p_flag & P_SUGID) :+ return (EPERM); : kl = sizeof(r); : kv = (char *) &r; : :diff -c procfs_old/procfs_map.c procfs/procfs_map.c :*** procfs_old/procfs_map.c Sun Aug 10 15:05:47 1997 :--- procfs/procfs_map.c Sun Aug 10 16:35:41 1997 :*************** :*** 96,101 **** :--- 96,103 ---- : vm_map_entry_t entry; : char mebuffer[MEBUFFERSIZE]; : :+ if(p->p_flag & P_SUGID) :+ return (EPERM); : if (uio->uio_rw != UIO_READ) : return (EOPNOTSUPP); : :diff -c procfs_old/procfs_mem.c procfs/procfs_mem.c :*** procfs_old/procfs_mem.c Sun Aug 10 15:05:47 1997 :--- procfs/procfs_mem.c Sun Aug 10 16:39:01 1997 :*************** :*** 297,302 **** :--- 297,304 ---- : { : int error; : :+ if(p->p_flag & P_SUGID) :+ return (EPERM); : if (uio->uio_resid == 0) : return (0); : :diff -c procfs_old/procfs_note.c procfs/procfs_note.c :*** procfs_old/procfs_note.c Sun Aug 10 15:05:47 1997 :--- procfs/procfs_note.c Sun Aug 10 16:36:19 1997 :*************** :*** 59,64 **** :--- 59,66 ---- : int error; : char note[PROCFS_NOTELEN+1]; : :+ if(p->p_flag & P_SUGID) :+ return (EPERM); : if (uio->uio_rw != UIO_WRITE) : return (EINVAL); : :diff -c procfs_old/procfs_regs.c procfs/procfs_regs.c :*** procfs_old/procfs_regs.c Sun Aug 10 15:05:47 1997 :--- procfs/procfs_regs.c Sun Aug 10 16:36:39 1997 :*************** :*** 62,67 **** :--- 62,69 ---- : char *kv; : int kl; : :+ if(p->p_flag & P_SUGID) :+ return (EPERM); : kl = sizeof(r); : kv = (char *) &r; : :diff -c procfs_old/procfs_status.c procfs/procfs_status.c :*** procfs_old/procfs_status.c Sun Aug 10 15:05:47 1997 :--- procfs/procfs_status.c Sun Aug 10 16:36:55 1997 :*************** :*** 69,74 **** :--- 69,76 ---- : int error; : char psbuf[256]; /* XXX - conservative */ : :+ if(p->p_flag & P_SUGID) :+ return (EPERM); : if (uio->uio_rw != UIO_READ) : return (EOPNOTSUPP); : :diff -c procfs_old/procfs_type.c procfs/procfs_type.c :*** procfs_old/procfs_type.c Sun Aug 10 15:05:47 1997 :--- procfs/procfs_type.c Sun Aug 10 16:37:15 1997 :*************** :*** 65,70 **** :--- 65,72 ---- : char mebuffer[256]; : char *none = "Not Available"; : :+ if(p->p_flag & P_SUGID) :+ return (EPERM); : if (uio->uio_rw != UIO_READ) : return (EOPNOTSUPP); : : : : : :Brian Mitchell brian@firehouse.net :"BSD code sucks. Of course, everything else sucks far more." :- Theo de Raadt (OpenBSD President) : :