netbsd-bugs: Re: kern/36661: any users can modify envsys setting

Subject: Re: kern/36661: any users can modify envsys setting
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Juan RP <juan@xtrarom.org>
List: netbsd-bugs
Date: 07/17/2007 15:10:04

The following reply was made to PR kern/36661; it has been noted by GNATS.

From: Juan RP <juan@xtrarom.org>
To: gnats-bugs@NetBSD.org
Cc: yamt@mwd.biglobe.ne.jp
Subject: Re: kern/36661: any users can modify envsys setting
Date: Tue, 17 Jul 2007 17:05:59 +0200

 On Tue, 17 Jul 2007 15:00:00 +0000 (UTC)
 yamt@mwd.biglobe.ne.jp wrote:
 
 > >Description:
 > 	ENVSYS_SETDICTIONARY can be used without write-access.
 > 	/dev/sysmon's mode mask is 644.
 > >How-To-Repeat:
 > 	
 > >Fix:
 > 	- make sysmonioctl_envsys check FWRITE for ENVSYS_SETDICTIONARY.
 > 	- make envstat(8) use O_WDWR when appropriate.
 
 I asked that two months ago when I started it. Nobody answered me if
 envstat -m should be used only by root or something like this.
 
 -- 
 Juan Romero Pardines	- The NetBSD Project
 http://plog.xtrarom.org	- NetBSD/pkgsrc news in Spanish