author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-05-30 09:11:28 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-05-30 09:11:28 +0000 |
commit | 41981d661c44b639e39a98633f4f3a73850dc48e (patch) | |
tree | 53347e2ee6881422eb0c41d5faefc0b6783161a0 /usr.bin | |
parent | 28ef74179be25b670085ca4bcdb42ecf5f2a5e4c (diff) |
revoke privs before opening kvm if user has specified mem/kernel paths
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ipcs/ipcs.c | 6 | ||||
-rw-r--r-- | usr.bin/w/w.c | 7 |
2 files changed, 13 insertions, 0 deletions
diff --git a/usr.bin/ipcs/ipcs.c b/usr.bin/ipcs/ipcs.c
index 38855e85e60..081eb086cd4 100644
--- a/usr.bin/ipcs/ipcs.c
+++ b/usr.bin/ipcs/ipcs.c
@@ -181,6 +181,12 @@ main(argc, argv)
 default:
 usage();
 }
+ /*
+ * Discard setgid privileges if not the running kernel so that bad
+ * guys can't print interesting stuff from kernel memory.
+ */
+ if (namelist != NULL || core != NULL)
+ setgid(getgid());
 if ((kd = kvm_open(namelist, core, NULL, O_RDONLY, "ipcs")) == NULL)
 exit(1);
diff --git a/usr.bin/w/w.c b/usr.bin/w/w.c
index 1eee27dde0b..f7deb59f1f7 100644
--- a/usr.bin/w/w.c
+++ b/usr.bin/w/w.c
@@ -166,6 +166,13 @@ main(argc, argv)
 argc -= optind;
 argv += optind;
+ /*
+ * Discard setgid privileges if not the running kernel so that bad
+ * guys can't print interesting stuff from kernel memory.
+ */
+ if (nlistf != NULL || memf != NULL)
+ setgid(getgid());
+
 if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf)) == NULL)
 errx(1, "%s", errbuf); |
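Review bot: The result of `setgid(getgid())` is ignored in the ipcs.c hunk, so if the drop fails the program still reaches `kvm_open()` on the caller-supplied namelist/core paths with the set-group-ID privilege in effect; the w.c hunk has the same unchecked call before `kvm_openfiles()`. Treating a failed drop as fatal closes that gap, for example `if (setgid(getgid()) == -1) err(1, "setgid");` (w.c already uses `errx`; whether ipcs.c includes `<err.h>` is not visible here). It would also help to state in the comment that the call is meant to be a permanent drop, and to confirm that the saved set-group-ID is cleared as well on the target system, since a drop that can be reverted does not give the protection the comment describes. Both `main` bodies begin and end outside the hunks, so any earlier use of the privileged group cannot be judged from here.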