Date:      Mon, 11 Aug 1997 02:53:05 -0700
From:      David Greenman <dg@root.com>
To:        Sean Eric Fagan <sef@FreeBSD.ORG>
Cc:        current@FreeBSD.ORG, security@FreeBSD.ORG
Subject:   Re: procfs patch 
Message-ID:  <199708110953.CAA12034@implode.root.com>
In-Reply-To: Your message of "Sun, 10 Aug 1997 20:15:52 PDT." <199708110315.UAA14486@freefall.freebsd.org> 

>+ 	/*
>+ 	 * XXX
>+ 	 * We need to check for KMEM_GROUP because ps is sgid kmem;
>+ 	 * not allowing it here causes ps to not work properly.  Arguably,
>+ 	 * this is a bug with what ps does.  We only need to do this
>+ 	 * for Pmem nodes, and only if it's reading.  This is still not
>+ 	 * good, as it may still be possible to grab illicit data if
>+ 	 * a process somehow gets to be KMEM_GROUP.  Note that this also
>+ 	 * means that KMEM_GROUP can't change without editing procfs.h!
>+ 	 * All in all, quite yucky.
>+ 	 */
>+ 
>+ 	if (!CHECKIO(curp, p) &&
>+ 	    ((curp->p_cred->pc_ucred->cr_gid != KMEM_GROUP) &&
>+ 	     (uio->uio_rw != UIO_READ))
>+ 		return EPERM;
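
Review bot: In the condition starting at `if (!CHECKIO(curp, p) &&`, the group test and the direction test are joined with `&&`, so EPERM is returned only when the caller is outside KMEM_GROUP and the operation is not a read. That means any read that fails CHECKIO is let through regardless of group, and a KMEM_GROUP member is let through for writes as well. The comment above says the exception is meant for KMEM_GROUP and only when reading, which would be `(cr_gid != KMEM_GROUP) || (uio->uio_rw != UIO_READ)` as the second operand. As quoted, the `if` is also missing its closing parenthesis before `return EPERM;`.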

   If I read this right, you allow reads, correct? This would allow access to
potentially sensitive information in the setuid process. If the above is
changed to fail no matter what the operation, I think your fix should be
okay.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project


