NetBSD-Bugs archive


kern/40002: sockstat doesn't work for user with sysctl security.curtain=1



>Number:         40002
>Category:       kern
>Synopsis:       sockstat doesn't work for user with sysctl security.curtain=1
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Nov 22 08:35:00 +0000 2008
>Originator:     Daniel Horecki
>Release:        5.0BETA, CURRENT
>Organization:
>Environment:
NetBSD tatooine.stars 5.99.02 NetBSD 5.99.02 (TATOOINE) #2: Tue Nov 18 22:36:45 CET 2008  sh%tatooine.stars@localhost:/home/sh/src/obj/sys/arch/i386/compile/TATOOINE i386
>Description:
If security.curtain is enabled, sockstat won't display sockets belonging only 
to that user, but only an error.

sh@tatooine:~/ > sudo sysctl -w security.curtain=1
security.curtain: 0 -> 1
sh@tatooine:~/ > sockstat 
sockstat: sysctl: Operation not permitted
sh@tatooine:~/ > sudo sysctl -w security.curtain=0
security.curtain: 1 -> 0
sh@tatooine:~/ > sockstat                         
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
sh       dbus-launc 96     3 stream -                     /tmp/.X11-unix/X0
sh       dbus-launc 96     5 stream -                     /tmp/.X11-unix/X0
[...]


>How-To-Repeat:
sysctl -w security.curtain=1
as user:
sockstat

>Fix:


