- change setgid kmem programs (that lend themselves to this) so setegid(getgid())

at the top, and then set the effective gid back to kmem around the call to
  kvm_openfiles().  this reduces the time group kmem is available.
- for those above that also allow this, setgid(getgid()) after the call to
  kvm_openfiles() to fully revoke privileges.
- some KNF
- use err(3) over fprintf(3) in some places
mrg 1998-07-06 07:50:18 +00:00
parent 32f519716b
commit 80efe80bc9
12 changed files with 188 additions and 80 deletions


@ -1,4 +1,4 @@
/* $NetBSD: ps.c,v 1.20 1997/09/14 08:57:38 lukem Exp $ */
/* $NetBSD: ps.c,v 1.21 1998/07/06 07:50:18 mrg Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994
@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1990, 1993, 1994\n\
#if 0
static char sccsid[] = "@(#)ps.c 8.4 (Berkeley) 4/2/94";
#else
__RCSID("$NetBSD: ps.c,v 1.20 1997/09/14 08:57:38 lukem Exp $");
__RCSID("$NetBSD: ps.c,v 1.21 1998/07/06 07:50:18 mrg Exp $");
#endif
#endif /* not lint */
@ -116,10 +116,12 @@ main(argc, argv)
dev_t ttydev;
pid_t pid;
uid_t uid;
gid_t egid = getegid();
int all, ch, flag, i, fmt, lineno, nentries;
int prtheader, wflag, what, xflg;
char *nlistf, *memf, *swapf, errbuf[_POSIX2_LINE_MAX];
(void)setegid(getgid());
if ((ioctl(STDOUT_FILENO, TIOCGWINSZ, (char *)&ws) == -1 &&
ioctl(STDERR_FILENO, TIOCGWINSZ, (char *)&ws) == -1 &&
ioctl(STDIN_FILENO, TIOCGWINSZ, (char *)&ws) == -1) ||
@ -265,16 +267,23 @@ main(argc, argv)
}
#endif
/*
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
* Discard setgid privileges. If not the running kernel, we toss
* them away totally so that bad guys can't print interesting stuff
* from kernel memory, otherwise switch back to kmem for the
* duration of the kvm_openfiles() call.
*/
if (nlistf != NULL || memf != NULL || swapf != NULL)
setgid(getgid());
(void)setgid(getgid());
else
(void)setegid(egid);
kd = kvm_openfiles(nlistf, memf, swapf, O_RDONLY, errbuf);
if (kd == 0)
errx(1, "%s", errbuf);
if (nlistf == NULL && memf == NULL && swapf == NULL)
(void)setgid(getgid());
if (!fmt)
parsefmt(dfmt);
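Review bot: Every privilege change in this section discards its result with `(void)`, including the final `(void)setgid(getgid())` after kvm_openfiles(), so a failed drop would leave ps running with group kmem and nothing would report it. Since the file already uses errx(), the revoking call could be `if (setgid(getgid()) == -1) err(1, "setgid");`. The same unchecked pattern appears in the ccdconfig.c, fstat.c, ipcs.c, netstat main.c, nfsstat.c, dkstats.c, vmstat.c, w.c, slstats.c, trpt.c and trsp.c sections of this commit. main's body starts and ends outside these hunks.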


@ -1,4 +1,4 @@
/* $NetBSD: ccdconfig.c,v 1.19 1998/02/03 09:13:49 mrg Exp $ */
/* $NetBSD: ccdconfig.c,v 1.20 1998/07/06 07:50:19 mrg Exp $ */
/*-
* Copyright (c) 1996, 1997 The NetBSD Foundation, Inc.
@ -41,7 +41,7 @@
__COPYRIGHT(
"@(#) Copyright (c) 1996, 1997\
The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: ccdconfig.c,v 1.19 1998/02/03 09:13:49 mrg Exp $");
__RCSID("$NetBSD: ccdconfig.c,v 1.20 1998/07/06 07:50:19 mrg Exp $");
#endif
#include <sys/param.h>
@ -70,7 +70,9 @@ __RCSID("$NetBSD: ccdconfig.c,v 1.19 1998/02/03 09:13:49 mrg Exp $");
extern char *__progname;
static size_t lineno;
static gid_t egid;
static int verbose;
static char *ccdconf = _PATH_CCDCONF;
@ -122,6 +124,8 @@ main(argc, argv)
{
int ch, options = 0, action = CCD_CONFIG;
egid = getegid();
setegid(getgid());
while ((ch = getopt(argc, argv, "cCf:gM:N:suUv")) != -1) {
switch (ch) {
case 'c':
@ -179,10 +183,15 @@ main(argc, argv)
usage();
/*
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
* Discard setgid privileges. If not the running kernel, we toss
* them away totally so that bad guys can't print interesting stuff
* from kernel memory, otherwise switch back to kmem for the
* duration of the kvm_openfiles() call.
*
* We also do this if we aren't just looking...
*/
if (core != NULL || kernel != NULL)
if (core != NULL || kernel != NULL ||
(action != CCD_DUMP && action != CCD_STATS))
setgid(getgid());
switch (action) {
@ -335,11 +344,9 @@ do_all(action)
char *line, *cp, *vp, **argv;
int argc, rval;
size_t len;
gid_t egid;
rval = 0;
egid = getegid();
(void)setegid(getgid());
if ((f = fopen(ccdconf, "r")) == NULL) {
(void)setegid(egid);
@ -520,11 +527,13 @@ dump_ccd(argc, argv, action)
memset(errbuf, 0, sizeof(errbuf));
(void)setegid(egid);
if ((kd = kvm_openfiles(kernel, core, NULL, O_RDONLY,
errbuf)) == NULL) {
warnx("can't open kvm: %s", errbuf);
return (1);
}
(void)setgid(getgid());
if (kvm_nlist(kd, nl))
KVM_ABORT(kd, "ccd-related symbols not available");
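Review bot: In dump_ccd() the effective gid is raised back to kmem with `(void)setegid(egid)` before kvm_openfiles(), but the failure branch calls warnx() and returns 1 without lowering it again; only the success path reaches `(void)setgid(getgid())`. Adding `(void)setgid(getgid());` ahead of `return (1);` would keep the kmem window limited to the open call on both paths. The `setegid(getgid());` added at the top of main is also left without the `(void)` cast used elsewhere in the file. dump_ccd's body starts and ends outside the hunk.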


@ -1,4 +1,4 @@
/* $NetBSD: fstat.c,v 1.25 1998/07/03 15:49:25 msaitoh Exp $ */
/* $NetBSD: fstat.c,v 1.26 1998/07/06 07:50:19 mrg Exp $ */
/*-
* Copyright (c) 1988, 1993
@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1988, 1993\n\
#if 0
static char sccsid[] = "@(#)fstat.c 8.3 (Berkeley) 5/2/95";
#else
__RCSID("$NetBSD: fstat.c,v 1.25 1998/07/03 15:49:25 msaitoh Exp $");
__RCSID("$NetBSD: fstat.c,v 1.26 1998/07/06 07:50:19 mrg Exp $");
#endif
#endif /* not lint */
@ -171,7 +171,9 @@ main(argc, argv)
char *memf, *nlistf;
char buf[_POSIX2_LINE_MAX];
int cnt;
gid_t egid = getegid();
(void)setegid(getgid());
arg = 0;
what = KERN_PROC_ALL;
nlistf = memf = NULL;
@ -238,16 +240,23 @@ main(argc, argv)
}
/*
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
* Discard setgid privileges. If not the running kernel, we toss
* them away totally so that bad guys can't print interesting stuff
* from kernel memory, otherwise switch back to kmem for the
* duration of the kvm_openfiles() call.
*/
if (nlistf != NULL || memf != NULL)
setgid(getgid());
(void)setgid(getgid());
else
(void)setegid(egid);
if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == NULL)
errx(1, "%s", buf);
/* get rid of it now anyway */
if (nlistf == NULL && memf == NULL)
(void)setgid(getgid());
if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == NULL) {
fprintf(stderr, "fstat: %s\n", buf);
exit(1);
}
#ifdef notdef
if (kvm_nlist(kd, nl) != 0) {
fprintf(stderr, "fstat: no namelist: %s\n", kvm_geterr(kd));
@ -797,6 +806,7 @@ getfname(filename)
void
usage()
{
(void)fprintf(stderr,
"usage: fstat [-fnv] [-p pid] [-u user] [-N system] [-M core] [file ...]\n");
exit(1);


@ -1,4 +1,4 @@
/* $NetBSD: ipcs.c,v 1.15 1998/04/01 21:10:30 kleink Exp $ */
/* $NetBSD: ipcs.c,v 1.16 1998/07/06 07:50:19 mrg Exp $ */
/*
* Copyright (c) 1994 SigmaSoft, Th. Lockert <tholo@sigmasoft.com>
@ -143,6 +143,7 @@ main(argc, argv)
char *core = NULL, *namelist = NULL;
char errbuf[_POSIX2_LINE_MAX];
int i;
gid_t egid = getegid();
while ((i = getopt(argc, argv, "MmQqSsabC:cN:optT")) != -1)
switch (i) {
@ -196,16 +197,24 @@ main(argc, argv)
}
/*
* Discard setgid privelidges if not the running kernel so that
* bad guys can't print interesting stuff from kernel memory.
* Discard setgid privileges. If not the running kernel, we toss
* them away totally so that bad guys can't print interesting stuff
* from kernel memory, otherwise switch back to kmem for the
* duration of the kvm_openfiles() call.
*/
if (namelist != NULL || core != NULL)
setgid(getgid());
(void)setgid(getgid());
else
(void)setegid(egid);
if ((kd = kvm_openfiles(namelist, core, NULL, O_RDONLY,
errbuf)) == NULL)
errx(1, "can't open kvm: %s", errbuf);
/* get rid of it now anyway */
if (namelist == NULL && core == NULL)
(void)setgid(getgid());
switch (kvm_nlist(kd, symbols)) {
case 0:
break;
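Review bot: `egid` is saved at the top of main, but no `setegid(getgid())` follows it in the hunks shown here. Unlike the other programs in this commit, ipcs therefore appears to keep group kmem effective through option parsing, and the `(void)setegid(egid)` in the else branch changes nothing. If that is not deliberate, add `(void)setegid(getgid());` right after the declarations, as the ps.c and fstat.c sections do. main's body starts and ends outside these hunks.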


@ -1,4 +1,4 @@
/* $NetBSD: main.c,v 1.14 1998/06/03 02:41:11 thorpej Exp $ */
/* $NetBSD: main.c,v 1.15 1998/07/06 07:50:19 mrg Exp $ */
/*
* Copyright (c) 1983, 1988, 1993
@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1988, 1993\n\
#if 0
static char sccsid[] = "from: @(#)main.c 8.4 (Berkeley) 3/1/94";
#else
__RCSID("$NetBSD: main.c,v 1.14 1998/06/03 02:41:11 thorpej Exp $");
__RCSID("$NetBSD: main.c,v 1.15 1998/07/06 07:50:19 mrg Exp $");
#endif
#endif /* not lint */
@ -55,6 +55,7 @@ __RCSID("$NetBSD: main.c,v 1.14 1998/06/03 02:41:11 thorpej Exp $");
#include <netinet/in.h>
#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <kvm.h>
#include <limits.h>
@ -225,7 +226,9 @@ main(argc, argv)
char *nlistf = NULL, *memf = NULL;
char buf[_POSIX2_LINE_MAX], *cp;
u_long pcbaddr;
gid_t egid = getegid();
(void)setegid(getgid());
tp = NULL;
af = AF_UNSPEC;
pcbaddr = 0;
@ -345,17 +348,23 @@ main(argc, argv)
#endif
/*
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
* Discard setgid privileges. If not the running kernel, we toss
* them away totally so that bad guys can't print interesting stuff
* from kernel memory, otherwise switch back to kmem for the
* duration of the kvm_openfiles() call.
*/
if (nlistf != NULL || memf != NULL)
setgid(getgid());
(void)setgid(getgid());
else
(void)setegid(egid);
if ((kvmd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY,
buf)) == NULL) {
fprintf(stderr, "%s: kvm_open: %s\n", __progname, buf);
exit(1);
}
buf)) == NULL)
errx(1, "%s", buf);
if (nlistf == NULL && memf == NULL)
(void)setgid(getgid());
if (kvm_nlist(kvmd, nl) < 0 || nl[0].n_type == 0) {
if (nlistf)
fprintf(stderr, "%s: %s: no namelist\n", __progname,


@ -1,4 +1,4 @@
/* $NetBSD: nfsstat.c,v 1.13 1998/07/05 08:15:16 mrg Exp $ */
/* $NetBSD: nfsstat.c,v 1.14 1998/07/06 07:50:20 mrg Exp $ */
/*
* Copyright (c) 1983, 1989, 1993
@ -46,7 +46,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1989, 1993\n\
#if 0
static char sccsid[] = "from: @(#)nfsstat.c 8.1 (Berkeley) 6/6/93";
#else
__RCSID("$NetBSD: nfsstat.c,v 1.13 1998/07/05 08:15:16 mrg Exp $");
__RCSID("$NetBSD: nfsstat.c,v 1.14 1998/07/06 07:50:20 mrg Exp $");
#endif
#endif /* not lint */
@ -99,7 +99,9 @@ main(argc, argv)
int ch;
char *memf, *nlistf;
char errbuf[_POSIX2_LINE_MAX];
gid_t egid = getegid();
(void)setegid(getgid());
interval = 0;
memf = nlistf = NULL;
printall = 1;
@ -141,15 +143,23 @@ main(argc, argv)
}
#endif
/*
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
* Discard setgid privileges. If not the running kernel, we toss
* them away totally so that bad guys can't print interesting stuff
* from kernel memory, otherwise switch back to kmem for the
* duration of the kvm_openfiles() call.
*/
if (nlistf != NULL || memf != NULL)
setgid(getgid());
(void)setgid(getgid());
else
(void)setegid(egid);
if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf)) == 0)
errx(1, "kvm_openfiles: %s", errbuf);
setgid(getgid()); /* do this now anyway */
/* get rid of it now anyway */
if (nlistf == NULL && memf == NULL)
(void)setgid(getgid());
if (kvm_nlist(kd, nl) != 0)
errx(1, "kvm_nlist: can't get names");


@ -1,4 +1,4 @@
/* $NetBSD: dkstats.c,v 1.3 1998/07/05 08:02:34 mrg Exp $ */
/* $NetBSD: dkstats.c,v 1.4 1998/07/06 07:50:20 mrg Exp $ */
/*
* Copyright (c) 1996 John M. Vinopal
@ -191,6 +191,9 @@ dkinit(select)
if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf)) == NULL)
errx(1, "kvm_openfiles: %s", errbuf);
/* we are finished with privs now */
(void)setgid(getgid());
/* Obtain the namelist symbols from the kernel. */
if (kvm_nlist(kd, namelist))
KVM_ERROR("kvm_nlist failed to read symbols.");


@ -1,4 +1,4 @@
/* $NetBSD: vmstat.c,v 1.47 1998/07/05 08:02:34 mrg Exp $ */
/* $NetBSD: vmstat.c,v 1.48 1998/07/06 07:50:20 mrg Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@ -80,7 +80,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1986, 1991, 1993\n\
#if 0
static char sccsid[] = "@(#)vmstat.c 8.2 (Berkeley) 3/1/95";
#else
__RCSID("$NetBSD: vmstat.c,v 1.47 1998/07/05 08:02:34 mrg Exp $");
__RCSID("$NetBSD: vmstat.c,v 1.48 1998/07/06 07:50:20 mrg Exp $");
#endif
#endif /* not lint */
@ -224,10 +224,12 @@ main(argc, argv)
u_int interval;
int reps;
char errbuf[_POSIX2_LINE_MAX];
gid_t egid = getegid();
#if defined(UVM)
const char *histname = NULL;
#endif
(void)setegid(getgid());
memf = nlistf = NULL;
interval = reps = todo = 0;
#if defined(UVM)
@ -285,17 +287,25 @@ main(argc, argv)
todo = VMSTAT;
/*
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
* Discard setgid privileges. If not the running kernel, we toss
* them away totally so that bad guys can't print interesting stuff
* from kernel memory, otherwise switch back to kmem for the
* duration of the kvm_openfiles() call.
*/
if (nlistf != NULL || memf != NULL)
setgid(getgid());
(void)setgid(getgid());
else
(void)setegid(egid);
kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf);
if (kd == 0) {
(void)fprintf(stderr,
"vmstat: kvm_openfiles: %s\n", errbuf);
exit(1);
if (kd == 0)
errx(1, "kvm_openfiles: %s\n", errbuf);
if (nlistf == NULL && memf == NULL) {
if (todo & VMSTAT)
(void)setegid(getgid()); /* XXX: dkinit */
else
(void)setgid(getgid());
}
if ((c = kvm_nlist(kd, namelist)) != 0) {
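Review bot: On the `todo & VMSTAT` path only the effective gid is lowered with `(void)setegid(getgid())`, so group kmem stays recoverable as the saved gid after this point, and the `/* XXX: dkinit */` comment does not say why or where it is finally dropped. A comment along the lines of `/* saved gid kept: dkinit() opens kvm again and does the final setgid() */` would state the intent. It is also worth confirming that dkinit() raises the effective gid before its own kvm_openfiles(), which the dkstats.c hunk does not show. Separately, `errx(1, "kvm_openfiles: %s\n", errbuf)` should lose the `\n`, because errx() appends a newline itself.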


@ -1,4 +1,4 @@
/* $NetBSD: w.c,v 1.29 1998/07/06 06:56:43 mrg Exp $ */
/* $NetBSD: w.c,v 1.30 1998/07/06 07:50:20 mrg Exp $ */
/*-
* Copyright (c) 1980, 1991, 1993, 1994
@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1991, 1993, 1994\n\
#if 0
static char sccsid[] = "@(#)w.c 8.6 (Berkeley) 6/30/94";
#else
__RCSID("$NetBSD: w.c,v 1.29 1998/07/06 06:56:43 mrg Exp $");
__RCSID("$NetBSD: w.c,v 1.30 1998/07/06 07:50:20 mrg Exp $");
#endif
#endif /* not lint */
@ -130,9 +130,12 @@ main(argc, argv)
FILE *ut;
struct in_addr l;
int ch, i, nentries, nusers, wcmd;
gid_t egid = getegid();
char *memf, *nlistf, *p, *x;
char buf[MAXHOSTNAMELEN], errbuf[_POSIX2_LINE_MAX];
(void)setegid(getgid());
/* Are we w(1) or uptime(1)? */
p = __progname;
if (*p == '-')
@ -175,15 +178,23 @@ main(argc, argv)
argv += optind;
/*
* Discard setgid privelidges if not the running kernel so that
* bad guys can't print interesting stuff from kernel memory.
* Discard setgid privileges. If not the running kernel, we toss
* them away totally so that bad guys can't print interesting stuff
* from kernel memory, otherwise switch back to kmem for the
* duration of the kvm_openfiles() call.
*/
if (nlistf != NULL || memf != NULL)
setgid(getgid());
(void)setgid(getgid());
else
(void)setegid(egid);
if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf)) == NULL)
if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == NULL)
errx(1, "%s", errbuf);
/* get rid of it now anyway */
if (nlistf == NULL && memf == NULL)
(void)setgid(getgid());
(void)time(&now);
if ((ut = fopen(_PATH_UTMP, "r")) == NULL)
err(1, "%s", _PATH_UTMP);
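Review bot: The two kvm_openfiles() lines in this section differ only in the error buffer (`errbuf` versus `buf`), while the errx() that follows prints `errbuf`; the rendering does not show which of the two is the new side. If the `buf` variant is the one kept, the error text lands in `buf[MAXHOSTNAMELEN]`, a buffer declared for host names rather than the `_POSIX2_LINE_MAX`-sized one, and errx() reports the untouched `errbuf`. The call should read `kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf)`. main's body starts and ends outside these hunks.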


@ -1,4 +1,4 @@
/* $NetBSD: slstats.c,v 1.10 1997/10/18 11:38:26 lukem Exp $ */
/* $NetBSD: slstats.c,v 1.11 1998/07/06 07:50:20 mrg Exp $ */
/*
* print serial line IP statistics:
@ -25,7 +25,7 @@
#include <sys/cdefs.h>
#ifndef lint
__RCSID("$NetBSD: slstats.c,v 1.10 1997/10/18 11:38:26 lukem Exp $");
__RCSID("$NetBSD: slstats.c,v 1.11 1998/07/06 07:50:20 mrg Exp $");
#endif
#define INET
@ -87,8 +87,10 @@ main(argc, argv)
char *argv[];
{
char errbuf[_POSIX2_LINE_MAX];
gid_t egid = getegid();
int ch;
setegid(getgid());
while ((ch = getopt(argc, argv, "i:M:N:v")) != -1) {
switch (ch) {
case 'i':
@ -132,16 +134,24 @@ main(argc, argv)
}
/*
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
* Discard setgid privileges. If not the running kernel, we toss
* them away totally so that bad guys can't print interesting stuff
* from kernel memory, otherwise switch back to kmem for the
* duration of the kvm_openfiles() call.
*/
if (kmemf != NULL || kernel != NULL)
setgid(getgid());
(void)setgid(getgid());
else
(void)setegid(egid);
memset(errbuf, 0, sizeof(errbuf));
if ((kd = kvm_openfiles(kernel, kmemf, NULL, O_RDONLY, errbuf)) == NULL)
errx(1, "can't open kvm: %s", errbuf);
/* get rid of it now anyway */
if (kmemf == NULL && kernel == NULL)
setgid(getgid());
if (kvm_nlist(kd, nl) < 0 || nl[0].n_type == 0)
errx(1, "%s: SLIP symbols not in namelist",
kernel == NULL ? _PATH_UNIX : kernel);
@ -157,7 +167,7 @@ void
usage()
{
fprintf(stderr, "usage: %s [-M core] [-N system] [-i interval] %s",
(void)fprintf(stderr, "usage: %s [-M core] [-N system] [-i interval] %s",
__progname, "[-v] [unit]\n");
exit(1);
}
@ -192,47 +202,46 @@ intpr()
(void)alarm(interval);
if ((line % 20) == 0) {
printf("%8.8s %6.6s %6.6s %6.6s %6.6s",
(void)printf("%8.8s %6.6s %6.6s %6.6s %6.6s",
"IN", "PACK", "COMP", "UNCOMP", "ERR");
if (vflag)
printf(" %6.6s %6.6s", "TOSS", "IP");
printf(" | %8.8s %6.6s %6.6s %6.6s %6.6s",
(void)printf(" | %8.8s %6.6s %6.6s %6.6s %6.6s",
"OUT", "PACK", "COMP", "UNCOMP", "IP");
if (vflag)
printf(" %6.6s %6.6s", "SEARCH", "MISS");
putchar('\n');
(void)printf(" %6.6s %6.6s", "SEARCH", "MISS");
(void)putchar('\n');
}
printf("%8lu %6ld %6u %6u %6u",
(void)printf("%8lu %6ld %6u %6u %6u",
V(sc_if.if_ibytes),
(long)V(sc_if.if_ipackets),
V(sc_comp.sls_compressedin),
V(sc_comp.sls_uncompressedin),
V(sc_comp.sls_errorin));
if (vflag)
printf(" %6u %6lu",
(void)printf(" %6u %6lu",
V(sc_comp.sls_tossed),
V(sc_if.if_ipackets) -
V(sc_comp.sls_compressedin) -
V(sc_comp.sls_uncompressedin) -
V(sc_comp.sls_errorin));
printf(" | %8lu %6ld %6u %6u %6lu",
(void)printf(" | %8lu %6ld %6u %6u %6lu",
V(sc_if.if_obytes),
V(sc_if.if_opackets),
V(sc_comp.sls_compressed),
V(sc_comp.sls_packets) - V(sc_comp.sls_compressed),
V(sc_if.if_opackets) - V(sc_comp.sls_packets));
if (vflag)
printf(" %6u %6u",
(void)printf(" %6u %6u",
V(sc_comp.sls_searches),
V(sc_comp.sls_misses));
putchar('\n');
(void)putchar('\n');
fflush(stdout);
line++;
oldmask = sigblock(sigmask(SIGALRM));
if (! signalled) {
if (!signalled)
sigpause(0);
}
sigsetmask(oldmask);
signalled = 0;
(void)alarm(interval);
@ -248,5 +257,6 @@ void
catchalarm(dummy)
int dummy;
{
signalled = 1;
}
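Review bot: The `(void)` casts are applied unevenly in this file. In main, `setegid(getgid());` at the top and the final `setgid(getgid());` after kvm_openfiles() are left bare while the if/else between them is cast. In intpr(), `printf(" %6.6s %6.6s", "TOSS", "IP");` and `fflush(stdout);` are left bare next to the newly cast printf() and putchar() calls. Cast them consistently, or better, for the two gid calls check the result, e.g. `if (setgid(getgid()) == -1) err(1, "setgid");`.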


@ -1,4 +1,4 @@
/* $NetBSD: trpt.c,v 1.7 1997/07/23 16:41:43 thorpej Exp $ */
/* $NetBSD: trpt.c,v 1.8 1998/07/06 07:50:20 mrg Exp $ */
/*-
* Copyright (c) 1997 The NetBSD Foundation, Inc.
@ -81,7 +81,7 @@ __COPYRIGHT(
#if 0
static char sccsid[] = "@(#)trpt.c 8.1 (Berkeley) 6/6/93";
#else
__RCSID("$NetBSD: trpt.c,v 1.7 1997/07/23 16:41:43 thorpej Exp $");
__RCSID("$NetBSD: trpt.c,v 1.8 1998/07/06 07:50:20 mrg Exp $");
#endif
#endif /* not lint */
@ -154,7 +154,9 @@ main(argc, argv)
{
int ch, i, jflag, npcbs;
char *system, *core, *cp, errbuf[_POSIX2_LINE_MAX];
gid_t egid = getegid();
(void)setegid(getgid());
system = core = NULL;
jflag = npcbs = 0;
@ -203,16 +205,24 @@ main(argc, argv)
usage();
/*
* Discard setgid privileged if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
* Discard setgid privileges. If not the running kernel, we toss
* them away totally so that bad guys can't print interesting stuff
* from kernel memory, otherwise switch back to kmem for the
* duration of the kvm_openfiles() call.
*/
if (core != NULL || system != NULL)
setgid(getgid());
else
setegid(egid);
kd = kvm_openfiles(system, core, NULL, O_RDONLY, errbuf);
if (kd == NULL)
errx(1, "can't open kmem: %s", errbuf);
/* get rid of it now anyway */
if (core == NULL && system == NULL)
setgid(getgid());
if (kvm_nlist(kd, nl))
errx(2, "%s: no namelist", system ? system : _PATH_UNIX);


@ -1,4 +1,4 @@
/* $NetBSD: trsp.c,v 1.4 1997/07/23 18:20:49 thorpej Exp $ */
/* $NetBSD: trsp.c,v 1.5 1998/07/06 07:50:21 mrg Exp $ */
/*-
* Copyright (c) 1997 The NetBSD Foundation, Inc.
@ -81,7 +81,7 @@ __COPYRIGHT(
#if 0
static char sccsid[] = "@(#)trsp.c 8.1 (Berkeley) 6/6/93";
#else
__RCSID("$NetBSD: trsp.c,v 1.4 1997/07/23 18:20:49 thorpej Exp $");
__RCSID("$NetBSD: trsp.c,v 1.5 1998/07/06 07:50:21 mrg Exp $");
#endif
#endif /* not lint */
@ -159,7 +159,9 @@ main(argc, argv)
{
int ch, i, npcbs = 0;
char *system, *core, *cp, errbuf[_POSIX2_LINE_MAX];
gid_t egid = getegid();
(void)setegid(getgid());
system = core = NULL;
while ((ch = getopt(argc, argv, "azstjp:N:M:")) != -1) {
@ -209,12 +211,18 @@ main(argc, argv)
*/
if (core != NULL || system != NULL)
setgid(getgid());
else
setegid(egid);
kd = kvm_openfiles(system, core, NULL, zflag ? O_RDWR : O_RDONLY,
errbuf);
if (kd == NULL)
errx(1, "can't open kmem: %s", errbuf);
/* get rid of it now anyway */
if (core == NULL && system == NULL)
setgid(getgid());
if (kvm_nlist(kd, nl))
errx(2, "%s: no namelist", system ? system : _PATH_UNIX);