Date: Fri, 14 Apr 1995 10:49:11 +0200 (MET DST) From: J Wunsch <j@uriah.heep.sax.de> To: seki@sysrap.cs.fujitsu.co.jp (Masahiro SEKIGUCHI) Cc: FreeBSD-BUGs@FreeBSD.org Subject: Re: bug on /bin/ps permission? Message-ID: <199504140849.KAA17434@uriah.heep.sax.de> In-Reply-To: <9504140053.AA10643@seki.sysrap.cs.fujitsu.co.jp> from "Masahiro SEKIGUCHI" at Apr 14, 95 09:53:37 am
next in thread | previous in thread | raw e-mail | index | archive | help
As Masahiro SEKIGUCHI wrote: > > I'm not sure this is a bug. > > In 950322 SNAP bin, /bin/ps has the following permission/owner/group: > > -r-sr-xr-x 1 root bin 143360 Mar 24 09:33 /bin/ps This is the change that made it: revision 1.2 date: 1994/08/11 20:06:55; author: wollman; state: Exp; lines: +2 -2 Make `ps' set-uid root so that it can read the same set of arguments that old `ps'es did. I'm not too thrilled about this, but I'm not enough of an FS person to hack procfs so that /proc/xxx/mem is readable by members of group `kmem'. If this is done, then `ps' can go back to being set-gid kmem. Unfortunately, it doesn't seem to make a good job, since the remainder of ps is not aware of its new privileges: /* * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ if (nlistf != NULL || memf != NULL || swapf != NULL) setgid(getgid()); This has been turned into a no-op by the suidness. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504140849.KAA17434>