Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.bin/pmap Restrict to root any command option that prints...
details: https://anonhg.NetBSD.org/src/rev/13a1c63e5725
branches: trunk
changeset: 956656:13a1c63e5725
user: chs <chs%NetBSD.org@localhost>
date: Wed Nov 04 01:37:55 2020 +0000
description:
Restrict to root any command option that prints kernel addresses.
diffstat:
usr.bin/pmap/main.c | 18 +++++++++---------
usr.bin/pmap/pmap.c | 10 ++++------
usr.bin/pmap/pmap.h | 5 ++---
3 files changed, 15 insertions(+), 18 deletions(-)
diffs (110 lines):
diff -r 095aedd77a05 -r 13a1c63e5725 usr.bin/pmap/main.c
--- a/usr.bin/pmap/main.c Wed Nov 04 01:30:19 2020 +0000
+++ b/usr.bin/pmap/main.c Wed Nov 04 01:37:55 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.28 2020/03/22 14:41:32 ad Exp $ */
+/* $NetBSD: main.c,v 1.29 2020/11/04 01:37:55 chs Exp $ */
/*
* Copyright (c) 2002, 2003, 2020 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: main.c,v 1.28 2020/03/22 14:41:32 ad Exp $");
+__RCSID("$NetBSD: main.c,v 1.29 2020/11/04 01:37:55 chs Exp $");
#endif
#include <sys/param.h>
@@ -121,6 +121,7 @@
struct kbit kbit, *vmspace;
u_long address;
+ uid = getuid();
egid = getegid();
if (setegid(getgid()) == -1)
err(1, "failed to reset privileges");
@@ -231,11 +232,12 @@
print_ddb == 0)
print_solaris = 1;
- /* get privs back if it appears to be safe, otherwise toss them */
- if (kernel == NULL && kmem == NULL && address == 0)
- rc = setegid(egid);
- else
- rc = setgid(getgid());
+ if ((kernel != NULL || kmem != NULL || address != 0 ||
+ print_ddb || debug) && uid != 0)
+ errx(1, "one or more options specified is restricted to root");
+
+ /* get privs back since it appears to be safe. */
+ rc = setegid(egid);
if (rc == -1)
err(1, "failed to reset privileges");
@@ -283,8 +285,6 @@
exit(0);
}
- uid = getuid();
-
do {
if (pid == -1) {
if (argc == 0)
diff -r 095aedd77a05 -r 13a1c63e5725 usr.bin/pmap/pmap.c
--- a/usr.bin/pmap/pmap.c Wed Nov 04 01:30:19 2020 +0000
+++ b/usr.bin/pmap/pmap.c Wed Nov 04 01:37:55 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pmap.c,v 1.55 2020/03/22 14:41:32 ad Exp $ */
+/* $NetBSD: pmap.c,v 1.56 2020/11/04 01:37:55 chs Exp $ */
/*
* Copyright (c) 2002, 2003, 2020 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: pmap.c,v 1.55 2020/03/22 14:41:32 ad Exp $");
+__RCSID("$NetBSD: pmap.c,v 1.56 2020/11/04 01:37:55 chs Exp $");
#endif
#include <string.h>
@@ -483,9 +483,7 @@
if (print_all) {
sz = (size_t)((vme->end - vme->start) / 1024);
- printf(A(vp) ?
- "%*s%0*"PRIxVADDR"-%0*"PRIxVADDR" %7luk %0*" PRIx64 " %c%c%c%c%c (%c%c%c) %d/%d/%d %02llu:%02llu %7llu - %s [%p]\n" :
- "%*s%0*"PRIxVADDR"-%0*"PRIxVADDR" %7luk %0*" PRIx64 " %c%c%c%c%c (%c%c%c) %d/%d/%d %02llu:%02llu %7llu - %s\n",
+ printf("%*s%0*"PRIxVADDR"-%0*"PRIxVADDR" %7luk %0*" PRIx64 " %c%c%c%c%c (%c%c%c) %d/%d/%d %02llu:%02llu %7llu - %s\n",
indent(2), "",
(int)sizeof(void *) * 2,
vme->start,
@@ -508,7 +506,7 @@
(unsigned long long)major(dev),
(unsigned long long)minor(dev),
(unsigned long long)inode,
- name, P(vp));
+ name);
}
/* no access allowed, don't count space */
diff -r 095aedd77a05 -r 13a1c63e5725 usr.bin/pmap/pmap.h
--- a/usr.bin/pmap/pmap.h Wed Nov 04 01:30:19 2020 +0000
+++ b/usr.bin/pmap/pmap.h Wed Nov 04 01:37:55 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pmap.h,v 1.12 2020/03/22 14:41:32 ad Exp $ */
+/* $NetBSD: pmap.h,v 1.13 2020/11/04 01:37:55 chs Exp $ */
/*
* Copyright (c) 2002, 2003, 2020 The NetBSD Foundation, Inc.
@@ -98,8 +98,7 @@
((size_t)kvm_read((kd), (addr), (dst), (sz)) == (size_t)(sz))
#define _KDEREF(kd, addr, dst, sz) do { \
if (!_KDEREFOK((kd), (addr), (dst), (sz))) \
- errx(1, "trying to read %lu (%s) bytes from %lx: %s", \
- (unsigned long)(sz), #sz, (addr), kvm_geterr(kd)); \
+ errx(1, "reading from kmem failed: %s", kvm_geterr(kd)); \
} while (0/*CONSTCOND*/)
/* suck the data using the structure */
Home |
Main Index |
Thread Index |
Old Index