Re: CVS commit: src/usr.bin/pmap

To: source-changes-d%NetBSD.org@localhost
Subject: Re: CVS commit: src/usr.bin/pmap
From: christos%astron.com@localhost (Christos Zoulas)
Date: Sun, 26 Jun 2011 00:52:56 +0000 (UTC)

In article <4E066765.6010807%free.fr@localhost>,
Jean-Yves Migeon  <jeanyves.migeon%free.fr@localhost> wrote:
>On 24.06.2011 00:50, Christos Zoulas wrote:
>> Module Name: src
>> Committed By:        christos
>> Date:                Thu Jun 23 22:50:54 UTC 2011
>> 
>> Modified Files:
>>      src/usr.bin/pmap: main.c
>> 
>> Log Message:
>> Don't give out information about processes we can't control.
>
>Thanks to Aleksey and you for fixing the procfs leak.
>
>I wonder whether pmap's code is the right place to check for
>"information" access control. It's difficult to modify except by
>patching the source, does not protect from abusing/finding exploits to
>circumvent the check (any executable that has kmem sgid rights is a
>target), and there are other potential tools usable out there (lsof(1),
>maybe?).
>
>Isn't it something that rather fits the kauth(9) ACLs?

We need to kill all the setgid kmem grovelers and use sysctl/procfs
to get data from the kernel. If one decides to compile and install
setuid or setgid programs that have information leaks, it is not
NetBSD's fault..

christos

References:
- Re: CVS commit: src/usr.bin/pmap
  - From: Jean-Yves Migeon

Prev by Date: Re: CVS commit: src/usr.bin/pmap
Next by Date: Re: CVS commit: [cherry-xenmp] src/sys/arch/xen
Previous by Thread: Re: CVS commit: src/usr.bin/pmap
Next by Thread: Re: CVS commit: src/usr.bin/pmap
Indexes:

Home | Main Index | Thread Index | Old Index