From owner-svn-src-head@freebsd.org  Sun Jun  3 05:08:45 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7B957FF478D
 for <svn-src-head@mailman.ysv.freebsd.org>;
 Sun,  3 Jun 2018 05:08:45 +0000 (UTC)
 (envelope-from eadler@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "smtp.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 2409C6F339
 for <svn-src-head@freebsd.org>; Sun,  3 Jun 2018 05:08:45 +0000 (UTC)
 (envelope-from eadler@freebsd.org)
Received: from mail-yb0-f170.google.com (mail-yb0-f170.google.com
 [209.85.213.170])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 (Authenticated sender: eadler)
 by smtp.freebsd.org (Postfix) with ESMTPSA id E337527F68
 for <svn-src-head@freebsd.org>; Sun,  3 Jun 2018 05:08:44 +0000 (UTC)
 (envelope-from eadler@freebsd.org)
Received: by mail-yb0-f170.google.com with SMTP id v17-v6so752404ybe.7
 for <svn-src-head@freebsd.org>; Sat, 02 Jun 2018 22:08:44 -0700 (PDT)
X-Gm-Message-State: APt69E10wtdYacFqounUIa5v4BJNdyHORYvzwpREXkGA4hmN+PTVT5W0
 Uy3gGn+s8jVVlV5UaSLmdWVSNEHOSxsDbD1OymW9Kg==
X-Google-Smtp-Source: ADUXVKLDdXmY9SOq50CtxxE+nnk0QbREk2V0LWceBILmv9Pu/dGY30s8+A93PPDQFHO/V0qUx5QRf+cv6XsJcAvp+gI=
X-Received: by 2002:a5b:64c:: with SMTP id
 o12-v6mr5873213ybq.460.1528002524399; 
 Sat, 02 Jun 2018 22:08:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a25:ef50:0:0:0:0:0 with HTTP;
 Sat, 2 Jun 2018 22:08:13 -0700 (PDT)
In-Reply-To: <201806022356.w52NuiFK088665@pdx.rh.CN85.dnsmgr.net>
References: <201806022206.w52M6S98020830@repo.freebsd.org>
 <201806022356.w52NuiFK088665@pdx.rh.CN85.dnsmgr.net>
From: Eitan Adler <eadler@freebsd.org>
Date: Sat, 2 Jun 2018 22:08:13 -0700
X-Gmail-Original-Message-ID: <CAF6rxgmdA59-c9Ec2rSdB_eHj+psQGCUN7=2fw12i+5DQ8yFWQ@mail.gmail.com>
Message-ID: <CAF6rxgmdA59-c9Ec2rSdB_eHj+psQGCUN7=2fw12i+5DQ8yFWQ@mail.gmail.com>
Subject: Re: svn commit: r334543 - head/usr.bin/top
To: "Rodney W. Grimes" <rgrimes@freebsd.org>
Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, 
 svn-src-head@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Jun 2018 05:08:45 -0000

On 2 June 2018 at 16:56, Rodney W. Grimes
<freebsd@pdx.rh.cn85.dnsmgr.net> wrote:
>> Author: eadler
>> Date: Sat Jun  2 22:06:27 2018
>> New Revision: 334543
>> URL: https://svnweb.freebsd.org/changeset/base/334543
>>
>> Log:
>>   top(1): chdir to / as init; remove unneeded comment
>>
>>   - chdir to / to allow unmounting of wd
>>   - remove warning about running top(1) as setuid. If this is a concern we
>>   should just drop privs instead.
>>
>> Modified:
>>   head/usr.bin/top/machine.c
>>   head/usr.bin/top/top.c
>>
>> Modified: head/usr.bin/top/machine.c
>> ==============================================================================
>> --- head/usr.bin/top/machine.c        Sat Jun  2 21:50:00 2018        (r334542)
>> +++ head/usr.bin/top/machine.c        Sat Jun  2 22:06:27 2018        (r334543)
>> @@ -1613,11 +1613,6 @@ compare_ivcsw(const void *arg1, const void *arg2)
>>  /*
>>   * proc_owner(pid) - returns the uid that owns process "pid", or -1 if
>>   *           the process does not exist.
>> - *           It is EXTREMELY IMPORTANT that this function work correctly.
>> - *           If top runs setuid root (as in SVR4), then this function
>> - *           is the only thing that stands in the way of a serious
>> - *           security problem.  It validates requests for the "kill"
>> - *           and "renice" commands.
>>   */
>>
>>  int
>>
>> Modified: head/usr.bin/top/top.c
>> ==============================================================================
>> --- head/usr.bin/top/top.c    Sat Jun  2 21:50:00 2018        (r334542)
>> +++ head/usr.bin/top/top.c    Sat Jun  2 22:06:27 2018        (r334543)
>> @@ -260,6 +260,15 @@ main(int argc, char *argv[])
>>  #define CMD_order    26
>>  #define CMD_pid              27
>>
>> +    /*
>> +     * Since top(1) is often long running and
>> +     * doesn't typically care about where its running from
>> +     * chdir to the root to allow unmounting of its
>> +     * originall wd. Failure is alright as this is
>> +     * just a courtesy for users.
>> +     */
>> +    chdir("/");
>> +
>
> Bad side effect of doing that is it is not hard to get a "core"
> from top when run as a user, as it is going to try to write
> to /, and it probably does not have permission for that.

Another person made the point that other similar applications don't do
this, so I just reverted it.

thanks!


-- 
Eitan Adler
Source, Ports, Doc committer
Bugmeister, Ports Security teams