diff options
| author | ru <ru@FreeBSD.org> | 2001-08-31 16:26:37 +0000 |
|---|---|---|
| committer | ru <ru@FreeBSD.org> | 2001-08-31 16:26:37 +0000 |
| commit | d7e70183dd68ef56c2783038a68fdb3298b7f647 (patch) | |
| tree | ab53d2e577c98daad47ff99c85bf950d53a8ed69 | |
| parent | 336fa381382db82c39a914894286106270b68110 (diff) | |
| download | FreeBSD-src-d7e70183dd68ef56c2783038a68fdb3298b7f647.zip FreeBSD-src-d7e70183dd68ef56c2783038a68fdb3298b7f647.tar.gz | |
SECURITY: Drop `setgid kmem' bit as early as possible.
| -rw-r--r-- | sbin/ccdconfig/ccdconfig.c | 2 | ||||
| -rw-r--r-- | usr.bin/fstat/fstat.c | 1 | ||||
| -rw-r--r-- | usr.bin/netstat/main.c | 1 | ||||
| -rw-r--r-- | usr.bin/vmstat/vmstat.c | 1 | ||||
| -rw-r--r-- | usr.sbin/pstat/pstat.c | 1 | ||||
| -rw-r--r-- | usr.sbin/trpt/trpt.c | 1 |
6 files changed, 7 insertions, 0 deletions
diff --git a/sbin/ccdconfig/ccdconfig.c b/sbin/ccdconfig/ccdconfig.c index aea08be..85103b1 100644 --- a/sbin/ccdconfig/ccdconfig.c +++ b/sbin/ccdconfig/ccdconfig.c @@ -511,6 +511,8 @@ dump_ccd(argc, argv) warnx("can't open kvm: %s", errbuf); return (1); } + setegid(getgid()); + setgid(getgid()); if (kvm_nlist(kd, nl)) KVM_ABORT(kd, "ccd-related symbols not available"); diff --git a/usr.bin/fstat/fstat.c b/usr.bin/fstat/fstat.c index 96be706..5ee9feb 100644 --- a/usr.bin/fstat/fstat.c +++ b/usr.bin/fstat/fstat.c @@ -236,6 +236,7 @@ main(argc, argv) if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == NULL) errx(1, "%s", buf); + setgid(getgid()); #ifdef notdef if (kvm_nlist(kd, nl) != 0) errx(1, "no namelist: %s", kvm_geterr(kd)); diff --git a/usr.bin/netstat/main.c b/usr.bin/netstat/main.c index 4f373d1..30dfaa8 100644 --- a/usr.bin/netstat/main.c +++ b/usr.bin/netstat/main.c @@ -664,6 +664,7 @@ kread(u_long addr, char *buf, int size) * XXX. */ kvmd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf); + setgid(getgid()); if (kvmd != NULL) { if (kvm_nlist(kvmd, nl) < 0) { if(nlistf) diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c index 9da1759..f48c918 100644 --- a/usr.bin/vmstat/vmstat.c +++ b/usr.bin/vmstat/vmstat.c @@ -241,6 +241,7 @@ main(argc, argv) kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf); if (kd == 0) errx(1, "kvm_openfiles: %s", errbuf); + setgid(getgid()); if ((c = kvm_nlist(kd, namelist)) != 0) { if (c > 0) { diff --git a/usr.sbin/pstat/pstat.c b/usr.sbin/pstat/pstat.c index 595f48a..a635842 100644 --- a/usr.sbin/pstat/pstat.c +++ b/usr.sbin/pstat/pstat.c @@ -291,6 +291,7 @@ main(argc, argv) if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == 0) errx(1, "kvm_openfiles: %s", buf); + (void)setgid(getgid()); if ((ret = kvm_nlist(kd, nl)) != 0) { if (ret == -1) errx(1, "kvm_nlist: %s", kvm_geterr(kd)); diff --git a/usr.sbin/trpt/trpt.c b/usr.sbin/trpt/trpt.c index aacd75d..98fd673 100644 --- a/usr.sbin/trpt/trpt.c +++ b/usr.sbin/trpt/trpt.c @@ -164,6 +164,7 @@ main(argc, argv) errx(1, "%s: no namelist", system); if ((memf = open(core, O_RDONLY)) < 0) err(2, "%s", core); + setgid(getgid()); if (kflag) errx(1, "can't do core files yet"); (void)klseek(memf, (off_t)nl[N_TCP_DEBX].n_value, L_SET); |
