Subject: Re: bin/2485: some kvm progs insecure
To: Olaf Seibert <>
From: Mike Grupenhoff <kashmir@umiacs.UMD.EDU>
List: netbsd-bugs
Date: 06/03/1996 09:02:57
On Mon, 3 Jun 1996, Olaf Seibert wrote:

> > +	if (system != _PATH_UNIX || kmemf != _PATH_KMEM)
> > +		setgid(getgid());
> I doubt if a patch like this is going to work. Remember, _PATH_UNIX and
> _PATH_KMEM are #defines for string literals, and different string
> literals, even if they contain the same text, may or may not have
> different addresses. I suggest using strcmp().

Yeah, I'm aware of this, but the compiler should crunch all duplicate
string literals down into one instance/address.  However, you're probably
correct that I shouldn't depend on this.  

The real fix here is probably to convert these programs to default to
passing NULL to kvm_open() instead of _PATH_UNIX and whatnot.  And while
you're hacking, you might as well convert to using kvm_openfiles() which
has much better error reporting facilities.