From: Thomas Moestl
To: freebsd-audit@freebsd.org
Date: Mon, 12 Feb 2001 01:25:26 +0100
Subject: patches to remove setgid kmem from dmesg
Message-ID: <20010212012526.A17006@crow.dom2ip.de>

Hi,

here is yet another set of patches for setgid kmem removal. This modifies dmesg to use the sysctl interface if neither the -M nor the -N option is specified on the command line. Otherwise, libkvm is used as before, so this should not break crash dump analysis with dmesg. I have removed the code that drops the setgid gid, so the executable should not be installed with a setgid bit any more.

Again, I needed to modify the kernel. The sysctl that exports the message buffer, machdep.msgbuf, was only implemented for i386. I have moved this to kern/subr_prf.c, and renamed it to kern.msgbuf.
machdep.clear_msgbuf was also moved, and a CTLFLAG_SECURE was added, meaning that the message buffer cannot be cleared this way when the securelevel is raised (of course, this does not prevent an attacker from removing log messages from the msgbuf; he could still perform actions that cause logging until the message was overwritten with new data, but I still think that it does no harm to have this flag set).

I also have changed the kern.msgbuf behaviour to start output at msg_bufx (the write pointer of the ring buffer), and not at msg_bufr (the read pointer that is used for /dev/klog read handling). The previous behaviour could cause new lines to be displayed before old ones and was IMHO broken.

I would appreciate it if somebody could test this on the alpha, because of the code moved from i386 machdep sections into the common files. It should not be problematic, though. Also, if somebody knows a place where machdep.msgbuf was used, please speak up!

The new patches are at:
 - for dmesg: http://www.tu-bs.de/~y0015675/dmesg.diff
 - for the kernel: http://www.tu-bs.de/~y0015675/sysctl3.diff

The previously posted systat patches are at:
 - for systat: http://www.tu-bs.de/~y0015675/systat.diff
 - for the kernel: http://www.tu-bs.de/~y0015675/sysctl2.diff

The previously posted top patches are at:
 - for top: http://www.tu-bs.de/~y0015675/top.diff
 - for libkvm: http://www.tu-bs.de/~y0015675/libkvm.diff
 - for the kernel: http://www.tu-bs.de/~y0015675/sysctl.diff

Could these patches please be reviewed and, if OK, committed?

Thanks,
	- thomas
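
The ordering problem described in the message, as an added example that is not part of the original post or of the linked patches: a 16-byte ring is dumped once starting at the write pointer and once starting at the read pointer. The struct, the function names and the sample lines are constructed for illustration; only the roles of the two pointers (msg_bufx, msg_bufr) come from the message, and the ring is assumed to have wrapped at least once.

```c
#include <stdio.h>
#include <string.h>

#define RING_SIZE 16

/* Simplified model of the message buffer; not the kernel's struct msgbuf. */
struct ring {
    char   buf[RING_SIZE];
    size_t bufx;   /* write pointer: next byte to be written (msg_bufx) */
    size_t bufr;   /* read pointer used by the /dev/klog reader (msg_bufr) */
};

static void ring_write(struct ring *r, const char *s)
{
    for (; *s != '\0'; s++) {
        r->buf[r->bufx] = *s;
        r->bufx = (r->bufx + 1) % RING_SIZE;
    }
}

/* Copy the whole ring into out (RING_SIZE + 1 bytes), beginning at start. */
static void ring_linearize(const struct ring *r, size_t start, char *out)
{
    size_t tail = RING_SIZE - start;

    memcpy(out, r->buf + start, tail);   /* start .. end of buffer */
    memcpy(out + tail, r->buf, start);   /* beginning .. start */
    out[RING_SIZE] = '\0';
}

/* Constructed sample: five 4-byte lines into a 16-byte ring (wraps once). */
static void fill_sample(struct ring *r)
{
    memset(r, 0, sizeof(*r));
    ring_write(r, "aaa\n");
    ring_write(r, "bbb\n");
    ring_write(r, "ccc\n");
    r->bufr = r->bufx;        /* a klog reader has consumed up to here */
    ring_write(r, "ddd\n");
    ring_write(r, "eee\n");   /* wraps and overwrites "aaa\n" */
}

int main(void)
{
    struct ring r;
    char out[RING_SIZE + 1];

    fill_sample(&r);
    ring_linearize(&r, r.bufx, out);   /* oldest surviving byte first */
    printf("from write pointer:\n%s\n", out);
    ring_linearize(&r, r.bufr, out);   /* unread (newest) lines first */
    printf("from read pointer:\n%s", out);
    return 0;
}
```

Starting at the write pointer prints the lines in the order they were logged; starting at the read pointer prints the unread lines first and the older, already-read lines after them.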