Date: 24 Feb 2001 07:25:56 -0000
From: mitsuru@riken.go.jp
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/25337: dmesg -a
Message-ID: <20010224072556.75001.qmail@zebu.riken.go.jp>
>Number: 25337
>Category: bin
>Synopsis: dmesg -a should be restricted
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 23 23:30:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Mitsuru Yoshida
>Release: FreeBSD 4.2-STABLE i386
>Organization: RIKEN
>Environment: FreeBSD 4.2-STABLE i386
>Description:
Using dmesg -a, any user can get all data in the message buffer, and it may cause a security problem. Especially, all messages written to the console are stored in the message buffer during single user mode, and any user can get them later. The use of the -a option should be restricted to the root user.
>How-To-Repeat:
dmesg -a
>Fix:
--- dmesg.c.dist Wed Feb 21 10:00:26 2001 +++ dmesg.c Wed Feb 21 10:02:11 2001 @@ -56,6 +56,7 @@ #include <unistd.h> #include <vis.h> #include <sys/syslog.h> +#include <sys/types.h> struct nlist nl[] = { #define X_MSGBUF 0 @@ -87,6 +88,10 @@ while ((ch = getopt(argc, argv, "aM:N:")) != -1) switch(ch) { case 'a': + if (getuid() != (uid_t)0) { + fprintf(stderr,"dmesg: must be root to get all data in the message buffer\n"); + exit(1); + } all++; break; case 'M':
>Release-Note:
>Audit-Trail:
>Unformatted:
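Review bot: in the first hunk, the new `#include <sys/types.h>` is placed after `<unistd.h>`, `<vis.h>` and `<sys/syslog.h>`, which is the wrong position for it and may make it redundant. `getuid()` and `uid_t` come from `<unistd.h>`, which the file already includes, so the extra header is probably not needed for the check in the second hunk. If it is kept, move it up so that it precedes the other headers rather than trailing them.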
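Review bot: in the second hunk, the `getuid() != (uid_t)0` test under `case 'a':` is enforced only inside the dmesg binary's option parsing, so it restricts this utility and not access to the message buffer itself. If an unprivileged process can still read the buffer by the same means dmesg uses, the check is advisory, and the restriction belongs at the data source. The test also fires during `getopt` processing, before `-M` and `-N` are seen, so `-a` is refused even when the data comes from files named on the command line; consider deferring the check until after the option loop and applying it only to the running kernel. As a style point, the long `fprintf(stderr, ...)` line followed by `exit(1)` could be a single `errx(1, ...)` call, which also avoids hardcoding the program name.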