Date: Sat, 2 Jun 2018 16:56:44 -0700 (PDT) From: "Rodney W. Grimes" <freebsd@pdx.rh.CN85.dnsmgr.net> To: Eitan Adler <eadler@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r334543 - head/usr.bin/top Message-ID: <201806022356.w52NuiFK088665@pdx.rh.CN85.dnsmgr.net> In-Reply-To: <201806022206.w52M6S98020830@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Author: eadler > Date: Sat Jun 2 22:06:27 2018 > New Revision: 334543 > URL: https://svnweb.freebsd.org/changeset/base/334543 > > Log: > top(1): chdir to / as init; remove unneeded comment > > - chdir to / to allow unmounting of wd > - remove warning about running top(1) as setuid. If this is a concern we > should just drop privs instead. > > Modified: > head/usr.bin/top/machine.c > head/usr.bin/top/top.c > > Modified: head/usr.bin/top/machine.c > ============================================================================== > --- head/usr.bin/top/machine.c Sat Jun 2 21:50:00 2018 (r334542) > +++ head/usr.bin/top/machine.c Sat Jun 2 22:06:27 2018 (r334543) > @@ -1613,11 +1613,6 @@ compare_ivcsw(const void *arg1, const void *arg2) > /* > * proc_owner(pid) - returns the uid that owns process "pid", or -1 if > * the process does not exist. > - * It is EXTREMELY IMPORTANT that this function work correctly. > - * If top runs setuid root (as in SVR4), then this function > - * is the only thing that stands in the way of a serious > - * security problem. It validates requests for the "kill" > - * and "renice" commands. > */ > > int > > Modified: head/usr.bin/top/top.c > ============================================================================== > --- head/usr.bin/top/top.c Sat Jun 2 21:50:00 2018 (r334542) > +++ head/usr.bin/top/top.c Sat Jun 2 22:06:27 2018 (r334543) > @@ -260,6 +260,15 @@ main(int argc, char *argv[]) > #define CMD_order 26 > #define CMD_pid 27 > > + /* > + * Since top(1) is often long running and > + * doesn't typically care about where its running from > + * chdir to the root to allow unmounting of its > + * originall wd. Failure is alright as this is > + * just a courtesy for users. > + */ > + chdir("/"); > + Bad side effect of doing that is it is not hard to get a "core" from top when run as a user, as it is going to try to write to /, and it probably does not have permission for that. Better might be a cd to /tmp, or /var/tmp, which are usually hard to unmount for these reasons anyway. > /* set the buffer for stdout */ > #ifdef DEBUG > extern FILE *debug; > > -- Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201806022356.w52NuiFK088665>