Date: Tue, 18 Mar 1997 00:30:02 -0800 (PST) From: j@uriah.heep.sax.de (J Wunsch) To: freebsd-bugs Subject: Re: bin/3015: xload and "kmem" files Message-ID: <199703180830.AAA14026@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/3015; it has been noted by GNATS. From: j@uriah.heep.sax.de (J Wunsch) To: mrspock@esfm.ipn.mx Cc: freebsd-gnats-submit@freebsd.org Subject: Re: bin/3015: xload and "kmem" files Date: Tue, 18 Mar 1997 08:54:40 +0100 As mrspock@esfm.ipn.mx wrote: > Files "/dev/kmem", "/dev/drum", and "/dev/mem" must have reading > permission for anyone, otherwise "xload" will not work Uh, no! By no means! > >How-To-Repeat: > try to run: xload > >Fix: > Give the following command as root: > > chmod a+r /dev/kmem /dev/mem /dev/drum That's absolutely the _worst_ solution you could come up with. Everybody on your machine could read the entire kernel memory, including all terminal buffers, passwords and so on. Ever wondered why there's a group named `kmem', and these devices belong into this group? If at all, do: chmod g+s /usr/X11R6/bin/xload However, note that this is merely a bug in XFree86 3.2'sxload, caused by some incorrection version macro that has been fixed shortly after their release. xload is not meant to require being setgid kmem in 4.4BSD systems, since it could use getloadavg(3) without special privileges. For XFree86 3.2, you are stuck with the above solution however, and there's no newer release of XFree86 yet. If you have the XFree86 sources, you should recompile instead, using the correct configuration. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703180830.AAA14026>