[src/trunk]: src/usr.bin/sockstat RR/54971: scole_mail: sockstat command outp...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d84e06ec4d38
branches:  trunk
changeset: 937744:d84e06ec4d38
user:      christos <christos%NetBSD.org@localhost>
date:      Tue Aug 25 14:05:17 2020 +0000

description:
RR/54971: scole_mail: sockstat command output incorrect for normal
user As the PR hints, it is not enough to have kern.expose_address=1
to see kernel addresses, we also need to have the PK_KMEM bit set
which we achieve by installing sockstat setgid kmem and opening
and closing /dev/mem. (/usr/src/sys/kern/kern_proc.c:311). It is
unfortunate that we need to give the program more privilege, to
prove to the kernel that we have the privilege to see the data.

diffstat:

 usr.bin/sockstat/Makefile   |  4 +++-
 usr.bin/sockstat/sockstat.c |  9 +++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diffs (45 lines):

diff -r 69366fa64def -r d84e06ec4d38 usr.bin/sockstat/Makefile
--- a/usr.bin/sockstat/Makefile Tue Aug 25 13:42:09 2020 +0000
+++ b/usr.bin/sockstat/Makefile Tue Aug 25 14:05:17 2020 +0000
@@ -1,8 +1,10 @@
-#      $NetBSD: Makefile,v 1.4 2019/08/18 04:13:24 kamil Exp $
+#      $NetBSD: Makefile,v 1.5 2020/08/25 14:05:17 christos Exp $
 
 .include <bsd.own.mk>
 
 RUMPPRG=       sockstat
+BINGRP= kmem
+BINMODE=2555
 
 .PATH:  ${.CURDIR}/../../lib/libc/gen
 CPPFLAGS+= -DRUMP_ACTION
diff -r 69366fa64def -r d84e06ec4d38 usr.bin/sockstat/sockstat.c
--- a/usr.bin/sockstat/sockstat.c       Tue Aug 25 13:42:09 2020 +0000
+++ b/usr.bin/sockstat/sockstat.c       Tue Aug 25 14:05:17 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sockstat.c,v 1.21 2019/08/18 04:13:24 kamil Exp $ */
+/*     $NetBSD: sockstat.c,v 1.22 2020/08/25 14:05:17 christos Exp $ */
 
 /*
  * Copyright (c) 2005 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: sockstat.c,v 1.21 2019/08/18 04:13:24 kamil Exp $");
+__RCSID("$NetBSD: sockstat.c,v 1.22 2020/08/25 14:05:17 christos Exp $");
 #endif
 
 #define _KMEMUSER
@@ -179,6 +179,11 @@
        if (prog_init && prog_init() == -1)
                err(1, "init");
 
+       /* Not used, but we set the PK_KMEM flag like this */
+       int fd = open("/dev/mem", O_RDONLY);
+       if (fd == -1)
+               err(EXIT_FAILURE, "Can't open `/dev/mem'");
+       close(fd);
        if ((portmap != NULL) && (pf_list == 0)) {
                pf_list = PF_LIST_INET;
 #ifdef INET6