Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 02 Jun 2006 14:36:05 +0200
From:      des@des.no (Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?=)
To:        Guy Helmer <ghelmer@FreeBSD.org>
Cc:        cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/fs/procfs procfs.c
Message-ID:  <86y7wf20qy.fsf@xps.des.no>
In-Reply-To: <200605241403.k4OE3pvp007556@repoman.freebsd.org> (Guy Helmer's message of "Wed, 24 May 2006 14:03:51 %2B0000 (UTC)")
References:  <200605241403.k4OE3pvp007556@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
--=-=-=
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Guy Helmer <ghelmer@FreeBSD.org> writes:
>   Log:
>   Revision 1.4 set access for all sensitive files in /proc/<PID> to mode 0
>   if a process's uid or gid has changed, but the /proc/<PID> directory
>   itself was also set to mode 0.  Assuming this doesn't open any
>   security holes, open access to the /proc/<PID> directory for users
>   other than root to read or search the directory.
>=20=20=20
>   Reviewed by:    des (back in February)
>   MFC after:      3 weeks

In hindsight, I think I prefer the attached (untested) solution...

DES
--=20
Dag-Erling Sm=F8rgrav - des@des.no


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=procfs.diff

Index: sys/fs/procfs/procfs.c
===================================================================
RCS file: /home/ncvs/src/sys/fs/procfs/procfs.c,v
retrieving revision 1.13
diff -u -r1.13 procfs.c
--- sys/fs/procfs/procfs.c	24 May 2006 14:03:51 -0000	1.13
+++ sys/fs/procfs/procfs.c	2 Jun 2006 12:35:55 -0000
@@ -98,12 +98,7 @@
 	PROC_LOCK_ASSERT(p, MA_OWNED);
 
 	/* XXX inefficient, split into separate functions */
-	if (p->p_flag & P_SUGID) {
-		if (pn->pn_type == pfstype_procdir)
-			vap->va_mode = 0555;
-		else
-			vap->va_mode = 0;
-	} else if (strcmp(pn->pn_name, "ctl") == 0 ||
+	if (strcmp(pn->pn_name, "ctl") == 0 ||
 	    strcmp(pn->pn_name, "note") == 0 ||
 	    strcmp(pn->pn_name, "notepg") == 0)
 		vap->va_mode = 0200;
@@ -113,6 +108,9 @@
 	    strcmp(pn->pn_name, "fpregs") == 0)
 		vap->va_mode = 0600;
 
+	if ((p->p_flag & P_SUGID) && pn->pn_type != pfstype_procdir)
+		vap->va_mode &= ~077;
+
 	vap->va_uid = p->p_ucred->cr_uid;
 	vap->va_gid = p->p_ucred->cr_gid;
 

--=-=-=--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86y7wf20qy.fsf>