Source-Changes-D archive
Re: CVS commit: src/usr.bin/pmap
In article <4E066765.6010807%free.fr@localhost>,
Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost> wrote:
>On 24.06.2011 00:50, Christos Zoulas wrote:
>> Module Name: src
>> Committed By: christos
>> Date: Thu Jun 23 22:50:54 UTC 2011
>>
>> Modified Files:
>> src/usr.bin/pmap: main.c
>>
>> Log Message:
>> Don't give out information about processes we can't control.
>
>Thanks to Aleksey and you for fixing the procfs leak.
>
>I wonder whether pmap's code is the right place to check for
>"information" access control. It's difficult to modify except by
>patching the source, does not protect from abusing/finding exploits to
>circumvent the check (any executable that has kmem sgid rights is a
>target), and there are other potential tools usable out there (lsof(1),
>maybe?).
>
>Isn't it something that rather fits the kauth(9) ACLs?
We need to kill all the setgid kmem grovelers and use sysctl/procfs
to get data from the kernel. If one decides to compile and install
setuid or setgid programs that have information leaks, it is not
NetBSD's fault.
christos