Date:      Tue, 8 May 2001 00:19:45 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        audit@FreeBSD.org
Subject:   fstat patches
Message-ID:  <20010508001945.A86617@xor.obsecurity.org>


[-- Attachment #1 --]
These are taken from OpenBSD.  Please review: I don't know if the
setegid() changes actually serve a purpose; can anyone explain them to
me?

Kris

Index: fstat.c
===================================================================
RCS file: /mnt/ncvs/src/usr.bin/fstat/fstat.c,v
retrieving revision 1.29
diff -u -r1.29 fstat.c
--- fstat.c	2001/05/01 08:46:00	1.29
+++ fstat.c	2001/05/08 07:16:33
@@ -231,11 +231,17 @@
 	 * Discard setgid privileges if not the running kernel so that bad
 	 * guys can't print interesting stuff from kernel memory.
 	 */
-	if (nlistf != NULL || memf != NULL)
+	if (nlistf != NULL || memf != NULL) {
+		setegid(getgid());
 		setgid(getgid());
+	}
 
 	if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == NULL)
 		errx(1, "%s", buf);
+
+	setegid(getgid());
+	setgid(getgid());
+
 #ifdef notdef
 	if (kvm_nlist(kd, nl) != 0)
 		errx(1, "no namelist: %s", kvm_geterr(kd));
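Review bot: The return values of the added `setegid(getgid())` and `setgid(getgid())` calls are discarded, both inside the `nlistf`/`memf` branch and after `kvm_openfiles()`, so a failed drop would leave the process running with its setgid group and nothing would report it. Check each call and exit on failure, for example `if (setgid(getgid()) != 0) err(1, "setgid");`, matching the `errx()` style already used for `kvm_openfiles()`. The enclosing function starts and ends outside this hunk, so whether any later code still needs the group cannot be confirmed from here.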
@@ -479,7 +485,7 @@
 			break;
 			
 		default: {
-			static char unknown[10];
+			static char unknown[20];
 			sprintf(badtype = unknown, "?(%x)", vn.v_tag);
 			break;;
 		}
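Review bot: The `sprintf` into `unknown` in the `default:` case is still unbounded; growing the array to 20 bytes only makes the current `"?(%x)"` format fit, and the bound is not tied to the buffer. Use `snprintf(unknown, sizeof(unknown), "?(%x)", vn.v_tag); badtype = unknown;` so a later format or type change cannot overrun the static buffer. The context line after it has a stray second semicolon (`break;;`) that could be cleaned up in the same change. The surrounding `switch` begins outside the hunk.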
@@ -697,7 +703,7 @@
 	struct inpcb	inpcb;
 	struct unpcb	unpcb;
 	int len;
-	char dname[32], *strcpy();
+	char dname[32];
 
 	PREFIX(i);
 
@@ -722,7 +728,7 @@
 	}
 
 	if ((len = kvm_read(kd, (u_long)dom.dom_name, dname,
-	    sizeof(dname) - 1)) < 0) {
+	    sizeof(dname) - 1)) != sizeof(dname) -1) {
 		dprintf(stderr, "can't read domain name at %p\n",
 		    (void *)dom.dom_name);
 		dname[0] = '\0';
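Review bot: The new test compares `len`, declared `int`, with `sizeof(dname) - 1`, a `size_t`, so an error return of -1 is caught only through the implicit conversion to unsigned. Making that explicit reads better and silences sign-compare warnings, e.g. `sizeof(dname) - 1)) != (int)(sizeof(dname) - 1)) {`, which also fixes the `-1` spacing. The success path is outside the hunk, so it is worth confirming that `dname` is NUL-terminated at `dname[sizeof(dname) - 1]` after a full-length read.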

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6954QWry0BWjoQKURAsnRAJoCfTy2j6RqQPWkf12ex8TANtTmKwCeMm31
kLEReyjFUAKFIvxXdFatMRs=
=kSJz
-----END PGP SIGNATURE-----
