Date: Fri, 2 Feb 2001 01:58:44 +0100
From: Thomas Moestl
To: freebsd-audit@freebsd.org
Subject: patch to remove setgid kmem from top
Message-ID: <20010202015844.A1246@crow.dom2ip.de>

Hi,

I have prepared a set of patches that allow running top as an ordinary user without setgid kmem. As this is somehow security related (and because I would like these patches to be reviewed), I'm posting to -audit. Please give me a pointer if you feel that this is the wrong forum.

All information top needs is now read via the sysctl interface. One sysctl, kern.lastpid, had to be added for this. It exports the nextpid variable, which reflects the highest PID used up to now. This information was given away before by top. It could allow discovering a PID before the corresponding process is run for the first time (but after the fork call started when randompid is enabled). I don't think that this is a security issue (there are other ways to discover PIDs after all, unless with restrict e.g. ps).

Another thing that needed to be changed is the libkvm kvm_getswapinfo() call that made heavy use of kvm_read. I have changed the kernel to do per swap area accounting (as discussed on -hackers), and have exported this information via the vm.nswapdev sysctl (number of swap areas) and the vm.swapdevX nodes (where X is the device), which contain the MIBs dev, nblks, used and flags.

A patch to libkvm makes use of these new sysctls in the case of "live" kernels, and changes the dump case so that the information gathered in the kernel is used instead of walking the radix tree. A side effect of this change is that kvm_getswapinfo() is faster now in the general case. If the SWIF_DUMP_TREE flag is given (pstat -ss does this), the radix tree walker, which still uses kvm_read in any case, is invoked, but I don't think that this information needs to be exported for ordinary users.

The changes are split into three diffs:
- for top: http://www.tu-bs.de/~y0015675/top.diff
- for libkvm: http://www.tu-bs.de/~y0015675/libkvm.diff
- for the kernel: http://www.tu-bs.de/~y0015675/sysctl.diff
(I don't want to post the patch files if not necessary, they are a bit large for that).

Could someone please review these patches, and if they are OK, commit them?

Thanks,
	- thomas
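A check an administrator or reviewer could run after installing a top built this way, to confirm that no binary in the audited directories is still installed setgid kmem. This is an added example, not part of the original message or of the patches; the function names and the directories in the usage comment are assumptions.

```shell
#!/bin/sh
# Audit for binaries that still carry the setgid bit for a given group.
# GROUP may be a group name (for this thread: kmem) or a numeric gid.

# Print every regular file under the given directories that is setgid
# (mode bit 02000) and whose group is GROUP.
list_setgid() {
    group=$1
    shift
    find "$@" -type f -perm -2000 -group "$group" -print
}

# Return 0 when nothing is setgid GROUP; otherwise print the offending
# paths and return 1, so the check can gate an install or a periodic job.
audit_setgid() {
    found=$(list_setgid "$@")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Typical use (directories are an assumption, adjust to the system):
#   audit_setgid kmem /usr/bin /usr/sbin /usr/local/bin
```

A path printed by the audit is a program that still runs with the group privilege needed for kvm_read on a live kernel, which is the privilege the message sets out to remove from top.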