Subject: Re: ps and top stopped working for ordinary users.
To: Ib-Michael Martinsen <imm@nethotel.dk>
From: Matthew Wilcox <willy@odie.barnet.ac.uk>
List: port-arm32
Date: 05/24/1998 19:18:21
Ib-Michael Martinsen wrote:
> Recently the ps and top commands stopped working for ordinary users.
> I am not sure what caused it, but I would very much like to restore
> things to normal without having to re-install RiscBSD.
>
> The symptoms for the errors were messages like the following:
>
> imm@nethotel:/home/imm => top
> kvm_open: /dev/mem: Permission denied
>
> imm@nethotel:/home/imm => top
> kvm_open: /dev/kmem: Permission denied
>
> imm@nethotel:/home/imm => top
> kvm_open: /dev/drum: Permission denied
>
> What I did to circumvent the problems was to change the attributes
> of the device files from
>
> crw------- 1 root kmem 1, 0 Mar 2 19:32 drum
> crw------- 1 root kmem 0, 1 Mar 2 19:32 kmem
> crw------- 1 root kmem 0, 0 Mar 2 19:32 mem
>
> to
>
> crw-r--r-- 1 root kmem 1, 0 Mar 2 19:32 drum
> crw-r--r-- 1 root kmem 0, 1 Mar 2 19:32 kmem
> crw-r--r-- 1 root kmem 0, 0 Mar 2 19:32 mem

This is completely disastrous. You have just allowed all users to read
the contents of each other's processes. Under no circumstances should
you do this.

> The attributes of ps and top are as follows:
>
> -r-xr-sr-x 1 bin kmem 233472 Oct 29 1997 /bin/ps
> -r-xr-xr-x 1 root wheel 40960 Nov 6 1997 /usr/local/bin/top
>
> Is my circumvention correct or should I do something else to
> fix the problems?

I would /think/ that both programs should be either suid root with
permission 600 on /dev/drum,mem,kmem or sgid kmem with permissions 640
on /dev/drum,kmem,mem. I'm not a BSD expert; I don't know which the
preferred way is. But I do know you've just opened up a security hole
so wide I could drive an oil supertanker through it.
--
Set Alias$Case Set Alias$[ |||| |MSet Alias$Otherwise Set Alias$[ \ Matthew
"" |MSet Alias$When If %0=%%0 Then Set Alias$[ "" ||MIf %0=%%0 \ Wilcox
Then Set Alias$Otherwise Set Alias$[ |||||||||||||||| ||MIf \
%0=%%0 Then Set Alias$When Set Alias$[ ||||||||||||||||
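
The two permission schemes suggested in the reply, checked against the `ls -l` lines from the message, as an added example that is not part of the original thread. The function names and the mode-640 `kmem` line are constructed for illustration, and the device owner (root) is assumed to be able to read the device.

```sh
#!/bin/sh
# Added example: evaluate `ls -l` lines for the memory devices and for the
# programs that read them. Nothing here touches the real /dev.

# split_ls LINE: set $mode, $owner and $group from one `ls -l` line.
split_ls() {
    read -r mode _links owner group _rest <<EOF
$1
EOF
}

# classify_dev LINE -> world-readable | group-read | owner-only
classify_dev() {
    split_ls "$1"
    case $mode in
        c??????r??) echo world-readable ;;  # "other" read bit: any user can read memory
        c???r?????) echo group-read ;;      # 640: readable by the device's group
        c*)         echo owner-only ;;      # 600: owner only
        *)          echo not-a-device ;;
    esac
}

# privilege_of LINE -> setuid:OWNER | setgid:GROUP | none
privilege_of() {
    split_ls "$1"
    case $mode in
        -??s*)    echo "setuid:$owner" ;;
        -?????s*) echo "setgid:$group" ;;
        *)        echo none ;;
    esac
}

# can_read DEVLINE PROGLINE -> yes | no: can the program, started by an
# ordinary user, open the device? Assumes the device owner can always read it.
can_read() {
    priv=$(privilege_of "$2")
    class=$(classify_dev "$1")
    split_ls "$1"                           # $owner/$group now describe the device
    case $class in
        world-readable) echo yes ;;
        group-read) case $priv in "setgid:$group"|"setuid:$owner") echo yes ;; *) echo no ;; esac ;;
        owner-only) case $priv in "setuid:$owner") echo yes ;; *) echo no ;; esac ;;
        *) echo no ;;
    esac
}

PS_LINE='-r-xr-sr-x 1 bin kmem 233472 Oct 29 1997 /bin/ps'             # from the message
TOP_LINE='-r-xr-xr-x 1 root wheel 40960 Nov 6 1997 /usr/local/bin/top' # from the message
KMEM_640='crw-r----- 1 root kmem 0, 1 Mar 2 19:32 kmem'                # constructed
echo "640 kmem: ps=$(can_read "$KMEM_640" "$PS_LINE") top=$(can_read "$KMEM_640" "$TOP_LINE")"
```

With the 640 line, the setgid-kmem `ps` can read the device while the unprivileged `top` cannot, and no "other" read bit is needed.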