From: Stanislav Sedov Date: Fri, 31 Jul 2009 12:52:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r195994 - projects/libprocstat/usr.bin/fstat X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Jul 2009 12:52:33 -0000 Author: stas Date: Fri Jul 31 12:52:32 2009 New Revision: 195994 URL: http://svn.freebsd.org/changeset/base/195994 Log: - Do not install fstat/fuser with increased privileges. In the discussion with rwatson it was decided that we might not want to expose much detail about process the user has no relation to. - Do not emit warning in case of insufficient permissions to access the process file descriptors data. Modified: projects/libprocstat/usr.bin/fstat/Makefile projects/libprocstat/usr.bin/fstat/fstat.c projects/libprocstat/usr.bin/fstat/fuser.c projects/libprocstat/usr.bin/fstat/libprocstat.c Modified: projects/libprocstat/usr.bin/fstat/Makefile ============================================================================== --- projects/libprocstat/usr.bin/fstat/Makefile Fri Jul 31 12:43:01 2009 (r195993) +++ projects/libprocstat/usr.bin/fstat/Makefile Fri Jul 31 12:52:32 2009 (r195994) @@ -9,8 +9,6 @@ SRCS= cd9660.c common_kvm.c fstat.c fuse LINKS= ${BINDIR}/fstat ${BINDIR}/fuser DPADD= ${LIBKVM} LDADD= -lkvm -lutil -BINGRP= kmem -BINMODE=2555 WARNS?= 6 MAN1= fuser.1 fstat.1 Modified: projects/libprocstat/usr.bin/fstat/fstat.c ============================================================================== --- projects/libprocstat/usr.bin/fstat/fstat.c Fri Jul 31 12:43:01 2009 (r195993) +++ projects/libprocstat/usr.bin/fstat/fstat.c Fri Jul 31 12:52:32 2009 (r195994) 
@@ -165,19 +165,12 @@ do_fstat(int argc, char **argv) checkfile = 1; } - /* - * Discard setgid privileges if not the running kernel so that bad - * guys can't print interesting stuff from kernel memory. - */ - if (nlistf != NULL || memf != NULL) - setgid(getgid()); procstat = procstat_open(nlistf, memf); if (procstat == NULL) errx(1, "procstat_open()"); p = procstat_getprocs(procstat, what, arg, &cnt); if (p == NULL) errx(1, "procstat_getprocs()"); - setgid(getgid()); /* * Print header. Modified: projects/libprocstat/usr.bin/fstat/fuser.c ============================================================================== --- projects/libprocstat/usr.bin/fstat/fuser.c Fri Jul 31 12:43:01 2009 (r195993) +++ projects/libprocstat/usr.bin/fstat/fuser.c Fri Jul 31 12:52:32 2009 (r195994) @@ -239,19 +239,12 @@ do_fuser(int argc, char *argv[]) if (nfiles == 0) errx(EX_IOERR, "files not accessible"); - /* - * Discard setgid privileges if not the running kernel so that bad - * guys can't print interesting stuff from kernel memory. - */ - if (nlistf != NULL || memf != NULL) - setgid(getgid()); procstat = procstat_open(nlistf, memf); if (procstat == NULL) errx(1, "procstat_open()"); p = procstat_getprocs(procstat, KERN_PROC_PROC, 0, &cnt); if (p == NULL) errx(1, "procstat_getprocs()"); - setgid(getgid()); /* * Walk through process table and look for matching files. Modified: projects/libprocstat/usr.bin/fstat/libprocstat.c ============================================================================== --- projects/libprocstat/usr.bin/fstat/libprocstat.c Fri Jul 31 12:43:01 2009 (r195993) +++ projects/libprocstat/usr.bin/fstat/libprocstat.c Fri Jul 31 12:52:32 2009 (r195994) @@ -191,7 +191,7 @@ procstat_getprocs(struct procstat *procs name[2] = what; name[3] = arg; error = sysctl(name, 4, NULL, &len, NULL, 0); - if (error < 0) { + if (error < 0 && errno != EPERM) { warn("sysctl(kern.proc)"); goto fail; } 
@@ -205,7 +205,7 @@ procstat_getprocs(struct procstat *procs goto fail; } error = sysctl(name, 4, p, &len, NULL, 0); - if (error < 0) { + if (error < 0 && errno != EPERM) { warn("sysctl(kern.proc)"); goto fail; }
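Review bot: The Makefile hunk removes `BINGRP= kmem` and `BINMODE=2555`, which changes what an unprivileged user gets back from both tools, but `fuser.1` and `fstat.1` (still listed under `MAN1=`) are not among the modified files. Please update both man pages in the same change to say that the tools are no longer installed setgid and that output is limited to what the caller is permitted to see, so that an empty or shorter listing is not mistaken for "no process has this file open".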
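Review bot: In do_fstat() (fstat.c, @@ -165) both `setgid(getgid())` calls are deleted outright, so nothing drops the group if the binary is installed setgid again, for example through a local override of BINGRP/BINMODE. A single unconditional drop before `procstat_open(nlistf, memf)`, with its return value checked, is a no-op for a non-setgid binary and keeps the old protection for the `nlistf`/`memf` case that the removed comment described. If the drop really is to go, leave a short comment saying the code relies on the install mode.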
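Review bot: In do_fuser() (fuser.c, @@ -239) the two failure paths around the removed lines still report only `errx(1, "procstat_open()")` and `errx(1, "procstat_getprocs()")`, which gives the user no reason for the failure. Without the kmem group these paths become reachable when `nlistf` or `memf` name files the caller cannot read, so the message should say what could not be opened and why. The literal exit status 1 is also inconsistent with the `errx(EX_IOERR, "files not accessible")` call at the top of the hunk; pick one convention for the function.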
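Review bot: In procstat_getprocs() (libprocstat.c, @@ -191) the new test `if (error < 0 && errno != EPERM)` skips the `goto fail` as well as the `warn()`, so after an EPERM failure of the sizing call `sysctl(name, 4, NULL, &len, NULL, 0)` the function carries on with a `len` that the failed call did not fill in. The log message only asks for the warning to be suppressed. Keep the failure path and make just the warning conditional: test `error < 0` first, call `warn("sysctl(kern.proc)")` only when `errno != EPERM`, and `goto fail` in both cases.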
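Review bot: In procstat_getprocs() (libprocstat.c, @@ -205) the same `error < 0 && errno != EPERM` test lets execution continue after `sysctl(name, 4, p, &len, NULL, 0)` has failed with EPERM, so the code that follows treats a buffer `p` the kernel never filled as `len` bytes of process entries. Either take the `fail` path silently on EPERM, or explicitly return an empty result with the count set to zero. Note that the callers in fstat.c and fuser.c turn a NULL return into `errx(1, "procstat_getprocs()")`, so choose the behaviour with them in mind and state in a comment which one EPERM is meant to produce.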