From owner-freebsd-security Tue Sep 25 5:42:42 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id 759FC37B439; Tue, 25 Sep 2001 05:42:27 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.6/8.11.5) with SMTP id f8PCfSB80973;
	Tue, 25 Sep 2001 08:41:29 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Tue, 25 Sep 2001 08:41:28 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Alfred Perlstein
Cc: alpha@freebsd.org, security@freebsd.org
Subject: Re: bogon in 4.x memory device
In-Reply-To: <20010925020701.X97903@elvis.mu.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Looks fine -- a similar change has been made in -CURRENT, although
fortunately in -CURRENT, kmem is no longer required for top to function,
as the sysctl MIB has been expanded. It would be better to MFC the
sysctl/top changes, from a practical security perspective, but this is
certainly the easier change.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Tue, 25 Sep 2001, Alfred Perlstein wrote:

> without this top(1) fails on machines with raised securelevel.
>
> can anyone review/comment?
>
> Reported by: brian j. peterson
>
> Index: mem.c > =================================================================== > RCS file: /home/ncvs/src/sys/alpha/alpha/mem.c,v > retrieving revision 1.19.2.3 > diff -u -r1.19.2.3 mem.c > --- mem.c 2000/05/14 00:29:44 1.19.2.3 > +++ mem.c 2001/09/25 06:55:30 
> @@ -138,7 +138,7 @@ > switch (minor(dev)) { > case 0: > case 1: > - if (securelevel >= 1) > + if ((flags & FWRITE) && securelevel > 0) > return (EPERM); > break; > case 32: 
>
>
> --
> -Alfred Perlstein [alfred@freebsd.org]
> 'Instead of asking why a piece of software is using "1970s technology,"
> start asking why software is ignoring 30 years of accumulated wisdom.'
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
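
Review bot: in the `case 0:` / `case 1:` arm, the new test `(flags & FWRITE) && securelevel > 0` changes the policy from refusing every open at raised securelevel to refusing only write opens, and nothing in the code records that read-only opens are now allowed on purpose. Please add a short comment above the test saying that reads are permitted (so that top(1) keeps working) and only writes are refused. With this change, read access to these minors at raised securelevel is limited by the device node's ownership and mode alone, so those are worth checking as part of the review. The hunk does not show where `flags` comes from; confirm it is the open-flags argument of this routine. Switching `>= 1` to `> 0` is equivalent and could stay as it was, which would keep the diff down to the one functional change.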