[src/netbsd-9]: src/usr.bin/sockstat Pull up following revision(s) (requested...

[martin <martin%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/b7388f10186c
branches:  netbsd-9
changeset: 938692:b7388f10186c
user:      martin <martin%NetBSD.org@localhost>
date:      Sun Sep 13 12:00:45 2020 +0000

description:
Pull up following revision(s) (requested by kim in ticket #1079):

        usr.bin/sockstat/sockstat.c: revision 1.22
        usr.bin/sockstat/Makefile: revision 1.5
        usr.bin/sockstat/Makefile: revision 1.6

RR/54971: scole_mail: sockstat command output incorrect for normal
user As the PR hints, it is not enough to have kern.expose_address=1
to see kernel addresses, we also need to have the PK_KMEM bit set
which we achieve by installing sockstat setgid kmem and opening
and closing /dev/mem. (/usr/src/sys/kern/kern_proc.c:311). It is
unfortunate that we need to give the program more privilege, to
prove to the kernel that we have the privilege to see the data.

turn on fortify since it is setgid (from scole_mail)

diffstat:

 usr.bin/sockstat/Makefile   |  5 ++++-
 usr.bin/sockstat/sockstat.c |  9 +++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diffs (46 lines):

diff -r c9b6e5f83fab -r b7388f10186c usr.bin/sockstat/Makefile
--- a/usr.bin/sockstat/Makefile Sun Sep 13 11:56:44 2020 +0000
+++ b/usr.bin/sockstat/Makefile Sun Sep 13 12:00:45 2020 +0000
@@ -1,8 +1,11 @@
-#      $NetBSD: Makefile,v 1.3.46.1 2019/08/19 16:01:52 martin Exp $
+#      $NetBSD: Makefile,v 1.3.46.2 2020/09/13 12:00:45 martin Exp $
 
 .include <bsd.own.mk>
 
 RUMPPRG=       sockstat
+BINGRP= kmem
+BINMODE=2555
+USE_FORT?= yes # setgid
 
 .PATH:  ${.CURDIR}/../../lib/libc/gen
 CPPFLAGS+= -DRUMP_ACTION
diff -r c9b6e5f83fab -r b7388f10186c usr.bin/sockstat/sockstat.c
--- a/usr.bin/sockstat/sockstat.c       Sun Sep 13 11:56:44 2020 +0000
+++ b/usr.bin/sockstat/sockstat.c       Sun Sep 13 12:00:45 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sockstat.c,v 1.20.2.1 2019/08/19 16:01:52 martin Exp $ */
+/*     $NetBSD: sockstat.c,v 1.20.2.2 2020/09/13 12:00:45 martin Exp $ */
 
 /*
  * Copyright (c) 2005 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: sockstat.c,v 1.20.2.1 2019/08/19 16:01:52 martin Exp $");
+__RCSID("$NetBSD: sockstat.c,v 1.20.2.2 2020/09/13 12:00:45 martin Exp $");
 #endif
 
 #define _KMEMUSER
@@ -179,6 +179,11 @@
        if (prog_init && prog_init() == -1)
                err(1, "init");
 
+       /* Not used, but we set the PK_KMEM flag like this */
+       int fd = open("/dev/mem", O_RDONLY);
+       if (fd == -1)
+               err(EXIT_FAILURE, "Can't open `/dev/mem'");
+       close(fd);
        if ((portmap != NULL) && (pf_list == 0)) {
                pf_list = PF_LIST_INET;
 #ifdef INET6