Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/usr.bin/pmap Restrict to root any command option that prints...



details:   https://anonhg.NetBSD.org/src/rev/094c581e8f67
branches:  trunk
changeset: 1015915:094c581e8f67
user:      chs <chs%NetBSD.org@localhost>
date:      Wed Nov 04 01:37:55 2020 +0000

description:
Restrict to root any command option that prints kernel addresses.

diffstat:

 usr.bin/pmap/main.c |  18 +++++++++---------
 usr.bin/pmap/pmap.c |  10 ++++------
 usr.bin/pmap/pmap.h |   5 ++---
 3 files changed, 15 insertions(+), 18 deletions(-)

diffs (110 lines):

diff -r d857e65e974f -r 094c581e8f67 usr.bin/pmap/main.c
--- a/usr.bin/pmap/main.c       Wed Nov 04 01:30:19 2020 +0000
+++ b/usr.bin/pmap/main.c       Wed Nov 04 01:37:55 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: main.c,v 1.28 2020/03/22 14:41:32 ad Exp $ */
+/*     $NetBSD: main.c,v 1.29 2020/11/04 01:37:55 chs Exp $ */
 
 /*
  * Copyright (c) 2002, 2003, 2020 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: main.c,v 1.28 2020/03/22 14:41:32 ad Exp $");
+__RCSID("$NetBSD: main.c,v 1.29 2020/11/04 01:37:55 chs Exp $");
 #endif
 
 #include <sys/param.h>
@@ -121,6 +121,7 @@
        struct kbit kbit, *vmspace;
        u_long address;
 
+       uid = getuid();
        egid = getegid();
        if (setegid(getgid()) == -1)
                err(1, "failed to reset privileges");
@@ -231,11 +232,12 @@
            print_ddb == 0)
                print_solaris = 1;
 
-       /* get privs back if it appears to be safe, otherwise toss them */
-       if (kernel == NULL && kmem == NULL && address == 0)
-               rc = setegid(egid);
-       else
-               rc = setgid(getgid());
+       if ((kernel != NULL || kmem != NULL || address != 0 ||
+            print_ddb || debug) && uid != 0)
+               errx(1, "one or more options specified is restricted to root");
+
+       /* get privs back since it appears to be safe. */
+       rc = setegid(egid);
        if (rc == -1)
                err(1, "failed to reset privileges");
 
@@ -283,8 +285,6 @@
                exit(0);
        }
 
-       uid = getuid();
-
        do {
                if (pid == -1) {
                        if (argc == 0)
diff -r d857e65e974f -r 094c581e8f67 usr.bin/pmap/pmap.c
--- a/usr.bin/pmap/pmap.c       Wed Nov 04 01:30:19 2020 +0000
+++ b/usr.bin/pmap/pmap.c       Wed Nov 04 01:37:55 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pmap.c,v 1.55 2020/03/22 14:41:32 ad Exp $ */
+/*     $NetBSD: pmap.c,v 1.56 2020/11/04 01:37:55 chs Exp $ */
 
 /*
  * Copyright (c) 2002, 2003, 2020 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: pmap.c,v 1.55 2020/03/22 14:41:32 ad Exp $");
+__RCSID("$NetBSD: pmap.c,v 1.56 2020/11/04 01:37:55 chs Exp $");
 #endif
 
 #include <string.h>
@@ -483,9 +483,7 @@
 
        if (print_all) {
                sz = (size_t)((vme->end - vme->start) / 1024);
-               printf(A(vp) ?
-                      "%*s%0*"PRIxVADDR"-%0*"PRIxVADDR" %7luk %0*" PRIx64 " %c%c%c%c%c (%c%c%c) %d/%d/%d %02llu:%02llu %7llu - %s [%p]\n" :
-                      "%*s%0*"PRIxVADDR"-%0*"PRIxVADDR" %7luk %0*" PRIx64 " %c%c%c%c%c (%c%c%c) %d/%d/%d %02llu:%02llu %7llu - %s\n",
+               printf("%*s%0*"PRIxVADDR"-%0*"PRIxVADDR" %7luk %0*" PRIx64 " %c%c%c%c%c (%c%c%c) %d/%d/%d %02llu:%02llu %7llu - %s\n",
                       indent(2), "",
                       (int)sizeof(void *) * 2,
                       vme->start,
@@ -508,7 +506,7 @@
                       (unsigned long long)major(dev),
                       (unsigned long long)minor(dev),
                       (unsigned long long)inode,
-                      name, P(vp));
+                      name);
        }
 
        /* no access allowed, don't count space */
diff -r d857e65e974f -r 094c581e8f67 usr.bin/pmap/pmap.h
--- a/usr.bin/pmap/pmap.h       Wed Nov 04 01:30:19 2020 +0000
+++ b/usr.bin/pmap/pmap.h       Wed Nov 04 01:37:55 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pmap.h,v 1.12 2020/03/22 14:41:32 ad Exp $ */
+/*     $NetBSD: pmap.h,v 1.13 2020/11/04 01:37:55 chs Exp $ */
 
 /*
  * Copyright (c) 2002, 2003, 2020 The NetBSD Foundation, Inc.
@@ -98,8 +98,7 @@
        ((size_t)kvm_read((kd), (addr), (dst), (sz)) == (size_t)(sz))
 #define _KDEREF(kd, addr, dst, sz) do { \
        if (!_KDEREFOK((kd), (addr), (dst), (sz))) \
-               errx(1, "trying to read %lu (%s) bytes from %lx: %s", \
-                   (unsigned long)(sz), #sz, (addr), kvm_geterr(kd)); \
+               errx(1, "reading from kmem failed: %s", kvm_geterr(kd)); \
 } while (0/*CONSTCOND*/)
 
 /* suck the data using the structure */



Home | Main Index | Thread Index | Old Index