Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 21 Dec 2009 22:59:44 +0300 (MSK)
From:      Denis Barov <dindin@dindin.ru>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        stas@FreeBSD.org
Subject:   ports/141852: sysutils/fuser allows user to send any signal to any
Message-ID:  <200912211959.nBLJxi92081214@sepulca.yandex.ru>
Resent-Message-ID: <200912212000.nBLK0HcZ095745@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         141852
>Category:       ports
>Synopsis:       sysutils/fuser allows user to send any signal to any
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 21 20:00:17 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Denis Barov
>Release:        FreeBSD 7.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD sepulca.yandex.ru 7.2-STABLE FreeBSD 7.2-STABLE #0 r197611M: Tue Oct 20 00:15:11 MSD 2009 root@ysbackup2.yandex.ru:/opt/tmp/mk_pkg.QZ1mnqtI/obj/i386/opt/usr/SVN/7/sys/SEPULCA i386


	
>Description:
sysutils/fuser allows user to send any signal to any process when
installed with suid bit
>How-To-Repeat:
# chmod +s /usr/local/bin/fuser (as recommended in pkg-message)
% fuser -k /usr/sbin/syslogd
>Fix:

patch:

diff -urN fuser/files/patch-fuser.c fuser/files/patch-fuser.c
--- fuser/files/patch-fuser.c.orig	1970-01-01 03:00:00.000000000 +0300
+++ fuser/files/patch-fuser.c	2009-12-21 22:52:36.000000000 +0300
@@ -0,0 +1,35 @@
+--- fuser.c.orig	2006-03-14 14:07:08.000000000 +0300
++++ fuser.c	2009-12-21 22:51:33.000000000 +0300
+@@ -608,6 +608,7 @@
+ 	char		*ep;
+ 	char		*kernimg = NULL; /* We are using curr. sys by default */
+ 	char		*mcore = NULL;
++  int     retvalue = 0;
+ 
+ 	while ((ch = getopt(argc, argv, "C:K:cfkms:u")) != -1)
+ 		switch(ch) {
+@@ -696,8 +697,13 @@
+ 			if (ufl != 0) {
+ 				print_file_info(pinfo->pid, \
+ 				    pinfo->uid, ufl);
+-				if ((flags & KFLAG) != 0)
+-					(void)kill(pinfo->pid, sig);
++				if ((flags & KFLAG) != 0) {
++            if (geteuid() == getuid()) {
++              (void)kill(pinfo->pid, sig);
++            } else {
++              retvalue = 1;
++            }
++        } 
+ 			}
+ 		}
+ 		(void)fprintf(stderr, "\n");
+@@ -707,7 +713,7 @@
+ 	SLIST_FREE(&prclist, next, pinfo_free);
+ 	(void)kvm_close(kd);
+ 
+-	return 0;
++	return retvalue;
+ 		
+ }
+ 


>Release-Note:
>Audit-Trail:
>Unformatted:
 >process when installed with suid bit

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912211959.nBLJxi92081214>