Date: Tue, 27 Aug 1996 22:38:19 -0700
From: Darryl Okahata <darrylo@hpnmhjw.sr.hp.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/1548: ncrcontrol -i queries don't work for mere users
Message-ID: <199608280538.AA065290699@hpnmhjw.sr.hp.com>
Resent-Message-ID: <199608280540.WAA01731@freefall.freebsd.org>
>Number: 1548
>Category: bin
>Synopsis: ncrcontrol -i queries don't work for mere users
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 27 22:40:04 PDT 1996
>Last-Modified:
>Originator: Darryl Okahata
>Organization: Home
>Release: FreeBSD 2.2-960801-SNAP i386
>Environment:
FreeBSD 2.2-960801-SNAP with an NCR-815-based SCSI controller.
>Description:
Even though ncrcontrol is setgid kmem, read-only queries such as "ncrcontrol -i" do not work for mere users. You must be root or some login that has a real group id of "kmem". This occurs because of code that is supposed to prevent the bad guys from doing arbitrary reads of kernel memory. This code is supposed to be used if the running kernel is not used; however, there's a bug that *always* causes the code to be used, which prevents legal/acceptable reads of kernel memory by mere users.
>How-To-Repeat:
On a system with an NCR-based SCSI controller, run the following as a mere user (non-root, non-kmem-group):
ncrcontrol -i
>Fix:
Apply the following patch.
*** ncrcontrol.c.orig Tue Aug 27 22:13:37 1996 --- ncrcontrol.c Tue Aug 27 22:14:51 1996 *************** *** 181,186 **** --- 181,195 ---- if (kvm_isopen) return; + #if defined(__NetBSD__) || (__FreeBSD__ >= 2) + /* + * Discard setgid privileges if not the running kernel so that bad + * guys can't print interesting stuff from kernel memory. + */ + if (vmunix != NULL || kmemf != NULL) + setgid(getgid()); + #endif + #if (__FreeBSD__ >= 2) if (!vmunix) { vmunix = getbootfile(); *************** *** 190,203 **** vmunix = _PATH_UNIX; } #endif - #if defined(__NetBSD__) || (__FreeBSD__ >= 2) - /* - * Discard setgid privileges if not the running kernel so that bad - * guys can't print interesting stuff from kernel memory.
- */ - if (vmunix != NULL || kmemf != NULL) - setgid(getgid()); kvm = kvm_openfiles(vmunix, kmemf, NULL, flags, errbuf); if (kvm == NULL) { fprintf(stderr, "%s: kvm_openfiles: %s\n", prog, errbuf); --- 199,206 ---- vmunix = _PATH_UNIX; } #endif + #if defined(__NetBSD__) || (__FreeBSD__ >= 2) kvm = kvm_openfiles(vmunix, kmemf, NULL, flags, errbuf); if (kvm == NULL) { fprintf(stderr, "%s: kvm_openfiles: %s\n", prog, errbuf);
>Audit-Trail:
>Unformatted:
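Review bot: In the first hunk the relocated `setgid(getgid());` still discards its return value, so a failed drop would let the later kvm_openfiles() call open a user-named vmunix or kmemf with the kmem group still effective. Check the result and stop on failure, for example `if (setgid(getgid()) != 0) { perror(prog); exit(1); }`. It would also help to extend the moved comment to say that the test must stay ahead of the getbootfile()/_PATH_UNIX defaulting, since once vmunix has been defaulted `vmunix != NULL` is always true, which is the behaviour this report describes.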
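The ordering problem this report describes, reduced to a stand-alone C sketch (an added example, not code from ncrcontrol or from the submitter's patch). The function names and DEFAULT_KERNEL are hypothetical stand-ins for the getbootfile()/_PATH_UNIX default, and the drop here also verifies its own result.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the getbootfile()/_PATH_UNIX default. */
#define DEFAULT_KERNEL "/kernel"

/* Reported order: the default is filled in before the test, so the test
 * is true even when the user named no file at all. */
static int must_drop_buggy(const char *kernel, const char *core)
{
    if (kernel == NULL)
        kernel = DEFAULT_KERNEL;
    return kernel != NULL || core != NULL;
}

/* Fixed order: look only at what the user actually supplied. */
static int must_drop_fixed(const char *kernel, const char *core)
{
    return kernel != NULL || core != NULL;
}

/* Give up the setgid group and confirm it is gone. 0 = ok, -1 = failed. */
static int drop_setgid(void)
{
    gid_t rgid = getgid();

    if (setgid(rgid) != 0)
        return -1;
    return getegid() == rgid ? 0 : -1;
}

/* Decide, drop if needed, and only then apply the default path.
 * Returns the kernel path to open, or NULL if the drop failed. */
static const char *prepare_open(const char *kernel, const char *core, int *dropped)
{
    *dropped = must_drop_fixed(kernel, core);
    if (*dropped && drop_setgid() != 0)
        return NULL;
    return kernel != NULL ? kernel : DEFAULT_KERNEL;
}

int main(void)
{
    int dropped;
    const char *path = prepare_open(NULL, NULL, &dropped);

    printf("no args: buggy=%d fixed=%d path=%s\n",
           must_drop_buggy(NULL, NULL), dropped, path);
    return 0;
}
```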