Date: Tue, 12 Aug 1997 07:12:13 -0700 From: Cy Schubert <cy@cwsys.cwent.com> To: dg@root.com Cc: Sean Eric Fagan <sef@freebsd.org>, current@freebsd.org, security@freebsd.org Subject: Re: procfs patch Message-ID: <199708121412.HAA01007@cwsys.cwent.com> In-Reply-To: Your message of "Mon, 11 Aug 1997 02:53:05 PDT." <199708110953.CAA12034@implode.root.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> >+ /* > >+ * XXX > >+ * We need to check for KMEM_GROUP because ps is sgid kmem; > >+ * not allowing it here causes ps to not work properly. Arguably, > >+ * this is a bug with what ps does. We only need to do this > >+ * for Pmem nodes, and only if it's reading. This is still not > >+ * good, as it may still be possible to grab illicit data if > >+ * a process somehow gets to be KMEM_GROUP. Note that this also > >+ * means that KMEM_GROUP can't change without editing procfs.h! > >+ * All in all, quite yucky. > >+ */ > >+ > >+ if (!CHECKIO(curp, p) && > >+ ((curp->p_cred->pc_ucred->cr_gid != KMEM_GROUP) && > >+ (uio->uio_rw != UIO_READ)) > >+ return EPERM; > > If I read this right, you allow reads, correct? This would allow access to > potentially sensitive information in the setuid process. If the above is > changed to fail no matter what the operation, I think your fix should be > okay. All this patch does, in addition to allowing the "standard" access list access, is allow KMEM_GROUP read access, so IMHO it's almost perfect. Could this be controllable via sysctl, which would be used at boot time with a one-line awk script to get kmem's gid and poke it into the kernel. If this is too risky, e.g. opens up a security hole that could be exploited in another way, we could make this definition, and others like it, as options in the kernel config file, thus allowing the values of special UID's and GID's to be configurable. Any thoughts? Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 UNIX Support OV/VM: BCSC02(CSCHUBER) ITSD BITNET: CSCHUBER@BCSC02.BITNET Government of BC Internet: cschuber@uumail.gov.bc.ca cschuber@bcsc02.gov.bc.ca cy@uumail.gov.bc.ca "Quit spooling around, JES do it."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708121412.HAA01007>