From: des@des.no (Dag-Erling Smørgrav)
To: Guy Helmer
References: <200605241403.k4OE3pvp007556@repoman.freebsd.org>
Date: Fri, 02 Jun 2006 14:36:05 +0200
In-Reply-To: <200605241403.k4OE3pvp007556@repoman.freebsd.org> (Guy Helmer's message of "Wed, 24 May 2006 14:03:51 +0000 (UTC)")
Message-ID: <86y7wf20qy.fsf@xps.des.no>
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/fs/procfs procfs.c

Guy Helmer writes:
> Log:
> Revision 1.4 set access for all sensitive files in /proc/ to mode 0
> if a process's uid or gid has changed, but the /proc/ directory
> itself was also set to mode 0. Assuming this doesn't open any
> security holes, open access to the /proc/ directory for users
> other than root to read or search the directory.
>
> Reviewed by: des (back in February)
> MFC after: 3 weeks

In hindsight, I think I prefer the attached (untested) solution...

DES
-- 
Dag-Erling Smørgrav - des@des.no

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=procfs.diff

Index: sys/fs/procfs/procfs.c =================================================================== RCS file: /home/ncvs/src/sys/fs/procfs/procfs.c,v retrieving revision 1.13 diff -u -r1.13 procfs.c --- sys/fs/procfs/procfs.c 24 May 2006 14:03:51 -0000 1.13 +++ sys/fs/procfs/procfs.c 2 Jun 2006 12:35:55 -0000 
@@ -98,12 +98,7 @@ PROC_LOCK_ASSERT(p, MA_OWNED); /* XXX inefficient, split into separate functions */ - if (p->p_flag & P_SUGID) { - if (pn->pn_type == pfstype_procdir) - vap->va_mode = 0555; - else - vap->va_mode = 0; - } else if (strcmp(pn->pn_name, "ctl") == 0 || + if (strcmp(pn->pn_name, "ctl") == 0 || strcmp(pn->pn_name, "note") == 0 || strcmp(pn->pn_name, "notepg") == 0) vap->va_mode = 0200; @@ -113,6 +108,9 @@ strcmp(pn->pn_name, "fpregs") == 0) vap->va_mode = 0600; + if ((p->p_flag & P_SUGID) && pn->pn_type != pfstype_procdir) + vap->va_mode &= ~077; + vap->va_uid = p->p_ucred->cr_uid; vap->va_gid = p->p_ucred->cr_gid; --=-=-=--
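
Review bot: In the first hunk (`@@ -98,12 +98,7 @@`), dropping the leading `if (p->p_flag & P_SUGID)` branch relaxes what the owner gets for a process whose credentials have changed: the old code forced every non-directory node to mode 0, whereas `ctl`, `note` and `notepg` now fall through to 0200, and the `fpregs` branch visible in the next hunk keeps 0600. That is a wider grant than the quoted log describes, so the commit message should state the change and why owner access is acceptable for a P_SUGID process. The removed `pfstype_procdir` case also set 0555 explicitly; with it gone, the directory's mode is whatever `vap->va_mode` holds before this chain, which is not visible here, so please confirm that value still allows read and search.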
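
Review bot: In the second hunk (`@@ -113,6 +108,9 @@`), the added `vap->va_mode &= ~077;` only clears the group and other bits, so the resulting mode depends on what each node already carries at that point; for nodes the strcmp chain does not match, that starting value is set outside the visible lines and should be checked. A short comment above the test stating the intent (owner-only access when P_SUGID is set, directory left as is) would make the mask easier to audit. Because `pn->pn_type != pfstype_procdir` applies the mask to every other node type and the patch is described as untested, it should be exercised against a P_SUGID process for both the process directory and the nodes beneath it before commit.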