Source-Changes-D archive

Re: CVS commit: src/usr.bin/pmap



On Sun, Jun 26, 2011 at 12:55:33AM +0200, Jean-Yves Migeon wrote:
 > > Don't give out information about processes we can't control.
 > 
 > Thanks to Aleksey and you for fixing the procfs leak.
 > 
 > I wonder whether pmap's code is the right place to check for
 > "information" access control. It's difficult to modify except by
 > patching the source, does not protect from abusing/finding exploits to
 > circumvent the check (any executable that has kmem sgid rights is a
 > target), and there are other potential tools usable out there (lsof(1),
 > maybe?).

It used to e.g. give out the pathnames of all the files everyone on
the system has open, which is definitely not desirable. I remember I
had concerns about it when it first appeared, and I remember
contacting someone about it, but I don't remember who and neither they
nor I followed up at the time. :-/

-- 
David A. Holland
dholland%netbsd.org@localhost
