Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-9]: src/usr.bin/sockstat Pull up following revision(s) (requested...



details:   https://anonhg.NetBSD.org/src/rev/cc6a04f2ddc3
branches:  netbsd-9
changeset: 964114:cc6a04f2ddc3
user:      martin <martin%NetBSD.org@localhost>
date:      Sun Sep 13 12:00:45 2020 +0000

description:
Pull up following revision(s) (requested by kim in ticket #1079):

        usr.bin/sockstat/sockstat.c: revision 1.22
        usr.bin/sockstat/Makefile: revision 1.5
        usr.bin/sockstat/Makefile: revision 1.6

RR/54971: scole_mail: sockstat command output incorrect for normal
user As the PR hints, it is not enough to have kern.expose_address=1
to see kernel addresses, we also need to have the PK_KMEM bit set
which we achieve by installing sockstat setgid kmem and opening
and closing /dev/mem. (/usr/src/sys/kern/kern_proc.c:311). It is
unfortunate that we need to give the program more privilege, to
prove to the kernel that we have the privilege to see the data.

turn on fortify since it is setgid (from scole_mail)

diffstat:

 usr.bin/sockstat/Makefile   |  5 ++++-
 usr.bin/sockstat/sockstat.c |  9 +++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diffs (46 lines):

diff -r 3edf63edb7cc -r cc6a04f2ddc3 usr.bin/sockstat/Makefile
--- a/usr.bin/sockstat/Makefile Sun Sep 13 11:56:44 2020 +0000
+++ b/usr.bin/sockstat/Makefile Sun Sep 13 12:00:45 2020 +0000
@@ -1,8 +1,11 @@
-#      $NetBSD: Makefile,v 1.3.46.1 2019/08/19 16:01:52 martin Exp $
+#      $NetBSD: Makefile,v 1.3.46.2 2020/09/13 12:00:45 martin Exp $
 
 .include <bsd.own.mk>
 
 RUMPPRG=       sockstat
+BINGRP= kmem
+BINMODE=2555
+USE_FORT?= yes # setgid
 
 .PATH:  ${.CURDIR}/../../lib/libc/gen
 CPPFLAGS+= -DRUMP_ACTION
diff -r 3edf63edb7cc -r cc6a04f2ddc3 usr.bin/sockstat/sockstat.c
--- a/usr.bin/sockstat/sockstat.c       Sun Sep 13 11:56:44 2020 +0000
+++ b/usr.bin/sockstat/sockstat.c       Sun Sep 13 12:00:45 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sockstat.c,v 1.20.2.1 2019/08/19 16:01:52 martin Exp $ */
+/*     $NetBSD: sockstat.c,v 1.20.2.2 2020/09/13 12:00:45 martin Exp $ */
 
 /*
  * Copyright (c) 2005 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: sockstat.c,v 1.20.2.1 2019/08/19 16:01:52 martin Exp $");
+__RCSID("$NetBSD: sockstat.c,v 1.20.2.2 2020/09/13 12:00:45 martin Exp $");
 #endif
 
 #define _KMEMUSER
@@ -179,6 +179,11 @@
        if (prog_init && prog_init() == -1)
                err(1, "init");
 
+       /* Not used, but we set the PK_KMEM flag like this */
+       int fd = open("/dev/mem", O_RDONLY);
+       if (fd == -1)
+               err(EXIT_FAILURE, "Can't open `/dev/mem'");
+       close(fd);
        if ((portmap != NULL) && (pf_list == 0)) {
                pf_list = PF_LIST_INET;
 #ifdef INET6



Home | Main Index | Thread Index | Old Index