Date: Fri, 02 Jun 2006 14:36:05 +0200 From: des@des.no (Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?=) To: Guy Helmer <ghelmer@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/fs/procfs procfs.c Message-ID: <86y7wf20qy.fsf@xps.des.no> In-Reply-To: <200605241403.k4OE3pvp007556@repoman.freebsd.org> (Guy Helmer's message of "Wed, 24 May 2006 14:03:51 %2B0000 (UTC)") References: <200605241403.k4OE3pvp007556@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-= Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Guy Helmer <ghelmer@FreeBSD.org> writes: > Log: > Revision 1.4 set access for all sensitive files in /proc/<PID> to mode 0 > if a process's uid or gid has changed, but the /proc/<PID> directory > itself was also set to mode 0. Assuming this doesn't open any > security holes, open access to the /proc/<PID> directory for users > other than root to read or search the directory. >=20=20=20 > Reviewed by: des (back in February) > MFC after: 3 weeks In hindsight, I think I prefer the attached (untested) solution... DES --=20 Dag-Erling Sm=F8rgrav - des@des.no --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=procfs.diff Index: sys/fs/procfs/procfs.c =================================================================== RCS file: /home/ncvs/src/sys/fs/procfs/procfs.c,v retrieving revision 1.13 diff -u -r1.13 procfs.c --- sys/fs/procfs/procfs.c 24 May 2006 14:03:51 -0000 1.13 +++ sys/fs/procfs/procfs.c 2 Jun 2006 12:35:55 -0000 @@ -98,12 +98,7 @@ PROC_LOCK_ASSERT(p, MA_OWNED); /* XXX inefficient, split into separate functions */ - if (p->p_flag & P_SUGID) { - if (pn->pn_type == pfstype_procdir) - vap->va_mode = 0555; - else - vap->va_mode = 0; - } else if (strcmp(pn->pn_name, "ctl") == 0 || + if (strcmp(pn->pn_name, "ctl") == 0 || strcmp(pn->pn_name, "note") == 0 || strcmp(pn->pn_name, "notepg") == 0) vap->va_mode = 0200; @@ -113,6 +108,9 @@ strcmp(pn->pn_name, "fpregs") == 0) vap->va_mode = 0600; + if ((p->p_flag & P_SUGID) && pn->pn_type != pfstype_procdir) + vap->va_mode &= ~077; + vap->va_uid = p->p_ucred->cr_uid; vap->va_gid = p->p_ucred->cr_gid; --=-=-=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86y7wf20qy.fsf>