From d7e70183dd68ef56c2783038a68fdb3298b7f647 Mon Sep 17 00:00:00 2001
From: ru <ru@FreeBSD.org>
Date: Fri, 31 Aug 2001 16:26:37 +0000
Subject: SECURITY: Drop `setgid kmem' bit as early as possible.

---
 usr.sbin/pstat/pstat.c | 1 +
 usr.sbin/trpt/trpt.c   | 1 +
 2 files changed, 2 insertions(+)

(limited to 'usr.sbin')

diff --git a/usr.sbin/pstat/pstat.c b/usr.sbin/pstat/pstat.c
index 595f48a..a635842 100644
--- a/usr.sbin/pstat/pstat.c
+++ b/usr.sbin/pstat/pstat.c
@@ -291,6 +291,7 @@ main(argc, argv)
 
 	if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == 0)
 		errx(1, "kvm_openfiles: %s", buf);
+	(void)setgid(getgid());
 	if ((ret = kvm_nlist(kd, nl)) != 0) {
 		if (ret == -1)
 			errx(1, "kvm_nlist: %s", kvm_geterr(kd));
diff --git a/usr.sbin/trpt/trpt.c b/usr.sbin/trpt/trpt.c
index aacd75d..98fd673 100644
--- a/usr.sbin/trpt/trpt.c
+++ b/usr.sbin/trpt/trpt.c
@@ -164,6 +164,7 @@ main(argc, argv)
 		errx(1, "%s: no namelist", system);
 	if ((memf = open(core, O_RDONLY)) < 0)
 		err(2, "%s", core);
+	setgid(getgid());
 	if (kflag)
 		errx(1, "can't do core files yet");
 	(void)klseek(memf, (off_t)nl[N_TCP_DEBX].n_value, L_SET);
-- 
cgit v1.1