Date: Tue, 1 Sep 2015 06:28:16 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r287345 - head/usr.bin/bluetooth/btsockstat Message-ID: <201509010628.t816SGQi035261@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Tue Sep 1 06:28:16 2015 New Revision: 287345 URL: https://svnweb.freebsd.org/changeset/base/287345 Log: Drop group privileges after opening the kvm descriptor, otherwise, the code would not drop privileges as expected. While there also add checks for the drop and bail out immediately if we failed. MFC after: 3 days Modified: head/usr.bin/bluetooth/btsockstat/btsockstat.c Modified: head/usr.bin/bluetooth/btsockstat/btsockstat.c ============================================================================== --- head/usr.bin/bluetooth/btsockstat/btsockstat.c Tue Sep 1 06:21:12 2015 (r287344) +++ head/usr.bin/bluetooth/btsockstat/btsockstat.c Tue Sep 1 06:28:16 2015 (r287345) @@ -154,9 +154,9 @@ main(int argc, char *argv[]) * Discard setgid privileges if not the running kernel so that * bad guys can't print interesting stuff from kernel memory. */ - if (memf != NULL) - setgid(getgid()); + if (setgid(getgid()) != 0) + err(1, "setgid"); kvmd = kopen(memf); if (kvmd == NULL) @@ -583,15 +583,9 @@ kopen(char const *memf) kvm_t *kvmd = NULL; char errbuf[_POSIX2_LINE_MAX]; - /* - * Discard setgid privileges if not the running kernel so that - * bad guys can't print interesting stuff from kernel memory. - */ - - if (memf != NULL) - setgid(getgid()); - kvmd = kvm_openfiles(NULL, memf, NULL, O_RDONLY, errbuf); + if (setgid(getgid()) != 0) + err(1, "setgid"); if (kvmd == NULL) { warnx("kvm_openfiles: %s", errbuf); return (NULL);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201509010628.t816SGQi035261>