Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 14 Apr 1995 10:49:11 +0200 (MET DST)
From:      J Wunsch <j@uriah.heep.sax.de>
To:        seki@sysrap.cs.fujitsu.co.jp (Masahiro SEKIGUCHI)
Cc:        FreeBSD-BUGs@FreeBSD.org
Subject:   Re: bug on /bin/ps permission?
Message-ID:  <199504140849.KAA17434@uriah.heep.sax.de>
In-Reply-To: <9504140053.AA10643@seki.sysrap.cs.fujitsu.co.jp> from "Masahiro SEKIGUCHI" at Apr 14, 95 09:53:37 am

next in thread | previous in thread | raw e-mail | index | archive | help
As Masahiro SEKIGUCHI wrote:
> 
> I'm not sure this is a bug.
> 
> In 950322 SNAP bin, /bin/ps has the following permission/owner/group:
> 
> 	-r-sr-xr-x  1 root bin   143360 Mar 24 09:33 /bin/ps

This is the change that made it:

revision 1.2
date: 1994/08/11 20:06:55;  author: wollman;  state: Exp;  lines: +2 -2
Make `ps' set-uid root so that it can read the same set of arguments
that old `ps'es did.  I'm not too thrilled about this, but I'm not
enough of an FS person to hack procfs so that /proc/xxx/mem is readable
by members of group `kmem'.  If this is done, then `ps' can go back to
being set-gid kmem.


Unfortunately, it doesn't seem to make a good job, since the remainder
of ps is not aware of its new privileges:

        /*
         * Discard setgid privileges if not the running kernel so that bad
         * guys can't print interesting stuff from kernel memory.
         */
        if (nlistf != NULL || memf != NULL || swapf != NULL)
                setgid(getgid());

This has been turned into a no-op by the suidness.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/
Never trust an operating system you don't have sources for. ;-)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504140849.KAA17434>