Date: Mon, 12 Feb 2001 01:25:26 +0100
From: Thomas Moestl <tmoestl@gmx.net>
To: freebsd-audit@freebsd.org
Subject: patches to remove setgid kmem from dmesg
Message-ID: <20010212012526.A17006@crow.dom2ip.de>

Hi,

here is yet another set of patches for setgid kmem removal. This modifies dmesg to use the sysctl interface if neither the -M nor the -N option is specified on the command line. Otherwise, libkvm is used as before, so this should not break crash dump analysis with dmesg. I have removed the code that drops the setgid gid, so the executable should not be installed with a setgid bit any more.

Again, I needed to modify the kernel. The sysctl that exports the message buffer, machdep.msgbuf, was only implemented for i386. I have moved this to kern/subr_prf.c, and renamed it to kern.msgbuf. machdep.clear_msgbuf was also moved, and a CTLFLAG_SECURE was added, meaning that the message buffer cannot be cleared this way when the securelevel is raised (of course, this does not prevent an attacker from removing log messages from the msgbuf, he could still do actions that cause logging until the message was overwritten with new data, but I still think that it does not harm to have this flag set).

I also have changed the kern.msgbuf behaviour to start to output at msg_bufx (the write pointer of the ring buffer), and not at msg_bufr (the read pointer that is used for /dev/klog read handling). The previous behaviour could cause new lines to be displayed before old ones and was IMHO broken.

I would appreciate it if somebody could test this on the alpha, because of the code moved from i386 machdep sections into the common files. It should not be problematic, though. Also, if somebody knows a place where machdep.msgbuf was used, please speak up!

The new patches are at:
- for dmesg: http://www.tu-bs.de/~y0015675/dmesg.diff
- for the kernel: http://www.tu-bs.de/~y0015675/sysctl3.diff

The previously posted systat patches are at:
- for systat: http://www.tu-bs.de/~y0015675/systat.diff
- for the kernel: http://www.tu-bs.de/~y0015675/sysctl2.diff

The previously posted top patches are at:
- for top: http://www.tu-bs.de/~y0015675/top.diff
- for libkvm: http://www.tu-bs.de/~y0015675/libkvm.diff
- for the kernel: http://www.tu-bs.de/~y0015675/sysctl.diff

Could these patches please be reviewed and, if OK, committed?

Thanks,
- thomas

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
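
The difference between dumping the ring buffer from msg_bufx and from msg_bufr, as described in the message above, shown as an added example that is not part of the original e-mail or of the FreeBSD patches. It is a simplified user-space model; the struct, the function names and the 16-byte size are assumptions made for illustration.

```c
/* Simplified model of a message ring buffer, constructed for illustration. */
#include <stdio.h>
#include <string.h>

#define RING_SIZE 16

struct ring {
    char   buf[RING_SIZE];
    size_t bufx;   /* write pointer: next byte to be written */
    size_t bufr;   /* read pointer: next byte the log reader will consume */
};

/* Append a message, overwriting the oldest bytes once the buffer wraps. */
static void ring_write(struct ring *r, const char *s)
{
    for (; *s != '\0'; s++) {
        r->buf[r->bufx] = *s;
        r->bufx = (r->bufx + 1) % RING_SIZE;
    }
}

/* Copy the whole ring into out (RING_SIZE + 1 bytes), starting at index
 * start and wrapping around; never-written (NUL) bytes are skipped. */
static size_t ring_dump(const struct ring *r, size_t start, char *out)
{
    size_t n = 0;
    for (size_t i = 0; i < RING_SIZE; i++) {
        char c = r->buf[(start + i) % RING_SIZE];
        if (c != '\0')
            out[n++] = c;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    struct ring r = {0};
    char out[RING_SIZE + 1];

    ring_write(&r, "one\ntwo\nthree\n");
    r.bufr = r.bufx;            /* the log reader has consumed everything so far */
    ring_write(&r, "four\n");   /* wraps around and overwrites "one" */
    ring_dump(&r, r.bufx, out);
    printf("from bufx (oldest data first):\n%s---\n", out);
    ring_dump(&r, r.bufr, out);
    printf("from bufr (newest line first):\n%s", out);
    return 0;
}
```

Starting at the write pointer always yields the oldest surviving byte first, whereas the result of starting at the read pointer depends on how far the log reader has got.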