-rw-r--r--sys/kern/kern_sysctl.c21
-rw-r--r--sys/sys/sysctl.h4
-rw-r--r--usr.bin/fstat/fstat.16
-rw-r--r--usr.bin/fstat/fstat.c34
4 files changed, 48 insertions, 17 deletions
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 1a0a15f00eb..84584964fd2 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sysctl.c,v 1.161 2008/06/09 07:07:16 djm Exp $ */
+/* $OpenBSD: kern_sysctl.c,v 1.162 2008/10/07 02:20:11 deraadt Exp $ */
/* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */
/*-
@@ -347,7 +347,7 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
p));
#endif
case KERN_FILE:
- return (sysctl_file(oldp, oldlenp));
+ return (sysctl_file(oldp, oldlenp, p));
case KERN_MBSTAT:
return (sysctl_rdstruct(oldp, oldlenp, newp, &mbstat,
sizeof(mbstat)));
@@ -923,11 +923,12 @@ sysctl_rdstruct(void *oldp, size_t *oldlenp, void *newp, const void *sp,
* Get file structures.
*/
int
-sysctl_file(char *where, size_t *sizep)
+sysctl_file(char *where, size_t *sizep, struct proc *p)
{
int buflen, error;
- struct file *fp;
+ struct file *fp, cfile;
char *start = where;
+ struct ucred *cred = p->p_ucred;
buflen = *sizep;
if (where == NULL) {
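Review bot: The comment above `sysctl_file` still reads only "Get file structures." even though the function now takes the calling process and filters what it returns. I would extend it to something like `/* Get file structures; offsets and I/O counters are hidden unless the caller (p) is the superuser or opened the file. */`. The `cred` pointer taken from `p->p_ucred` at entry is only used further down in the copy loop, which lies outside this hunk.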
@@ -959,7 +960,17 @@ sysctl_file(char *where, size_t *sizep)
*sizep = where - start;
return (ENOMEM);
}
- error = copyout((caddr_t)fp, where, sizeof (struct file));
+
+ /* Only let the superuser or the owner see some information */
+ bcopy(fp, &cfile, sizeof (struct file));
+ if (suser(p, 0) != 0 && cred->cr_uid != fp->f_cred->cr_uid) {
+ cfile.f_offset = (off_t)-1;
+ cfile.f_rxfer = 0;
+ cfile.f_wxfer = 0;
+ cfile.f_rbytes = 0;
+ cfile.f_wbytes = 0;
+ }
+ error = copyout(&cfile, where, sizeof (struct file));
if (error)
return (error);
buflen -= sizeof(struct file);
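Review bot: The scrub after `bcopy(fp, &cfile, sizeof (struct file));` resets only five fields, so everything else in `struct file` still reaches any unprivileged caller through `copyout`. That includes at least the `f_cred` pointer, which `fp->f_cred->cr_uid` shows to be a kernel address. The struct definition is not in this diff, so other pointer members are presumed rather than confirmed. The ownership test `cred->cr_uid != fp->f_cred->cr_uid` also keys on the credential that opened the file, whereas the matching check in the fstat.c `vtrans` hunk compares against the owning process's uid, so the two layers can disagree for descriptors opened before a uid change. I would add a comment here such as `/* f_offset == -1 and zeroed counters mean "hidden from this caller", not real values */`. The enclosing loop starts and ends outside this hunk.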
diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h
index 041e94d2cb1..0092f7f739e 100644
--- a/sys/sys/sysctl.h
+++ b/sys/sys/sysctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysctl.h,v 1.93 2008/09/16 15:48:12 gollo Exp $ */
+/* $OpenBSD: sysctl.h,v 1.94 2008/10/07 02:20:11 deraadt Exp $ */
/* $NetBSD: sysctl.h,v 1.16 1996/04/09 20:55:36 cgd Exp $ */
/*
@@ -686,7 +686,7 @@ int sysctl__string(void *, size_t *, void *, size_t, char *, int, int);
int sysctl_rdstring(void *, size_t *, void *, const char *);
int sysctl_rdstruct(void *, size_t *, void *, const void *, int);
int sysctl_struct(void *, size_t *, void *, size_t, void *, int);
-int sysctl_file(char *, size_t *);
+int sysctl_file(char *, size_t *, struct proc *);
int sysctl_doproc(int *, u_int, char *, size_t *);
struct radix_node;
struct walkarg;
diff --git a/usr.bin/fstat/fstat.1 b/usr.bin/fstat/fstat.1
index f5ec6120d83..f8363cdb71d 100644
--- a/usr.bin/fstat/fstat.1
+++ b/usr.bin/fstat/fstat.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: fstat.1,v 1.38 2007/10/01 22:06:02 sobrado Exp $
+.\" $OpenBSD: fstat.1,v 1.39 2008/10/07 02:20:12 deraadt Exp $
.\"
.\" Copyright (c) 1987, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -29,7 +29,7 @@
.\"
.\" from: @(#)fstat.1 8.3 (Berkeley) 2/25/94
.\"
-.Dd $Mdocdate: October 1 2007 $
+.Dd $Mdocdate: October 7 2008 $
.Dt FSTAT 1
.Os
.Sh NAME
@@ -83,6 +83,7 @@ Also, print the mode of the file in octal instead of symbolic form.
Output file offset.
Follow the size field with the descriptor's offset.
Useful for checking progress as a process works through a large file.
+This information is only visible to the user or superuser.
.It Fl p Ar pid
Report all files open by the specified process.
.It Fl s
@@ -90,6 +91,7 @@ Report per file io statistics in two additional columns
.Sq XFERS
and
.Sq KBYTES .
+This information is only visible to the user or superuser.
.It Fl u Ar user
Report all files open by the specified user.
.It Fl v
diff --git a/usr.bin/fstat/fstat.c b/usr.bin/fstat/fstat.c
index c5b1f7c881c..76a11446c44 100644
--- a/usr.bin/fstat/fstat.c
+++ b/usr.bin/fstat/fstat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fstat.c,v 1.61 2008/04/08 14:46:45 thib Exp $ */
+/* $OpenBSD: fstat.c,v 1.62 2008/10/07 02:20:12 deraadt Exp $ */
/*-
* Copyright (c) 1988, 1993
@@ -37,7 +37,7 @@ static char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)fstat.c 8.1 (Berkeley) 6/6/93";*/
-static char *rcsid = "$OpenBSD: fstat.c,v 1.61 2008/04/08 14:46:45 thib Exp $";
+static char *rcsid = "$OpenBSD: fstat.c,v 1.62 2008/10/07 02:20:12 deraadt Exp $";
#endif /* not lint */
#include <sys/param.h>
@@ -146,6 +146,7 @@ int maxfiles;
(kvm_read(kd, (u_long)(kaddr), (void *)(paddr), (len)) == (len))
kvm_t *kd;
+uid_t uid;
int ufs_filestat(struct vnode *, struct filestat *);
int ext2fs_filestat(struct vnode *, struct filestat *);
@@ -232,6 +233,12 @@ main(int argc, char *argv[])
}
/*
+ * get the uid, for oflg and sflg
+ */
+
+ uid = getuid();
+
+ /*
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
*/
@@ -290,6 +297,7 @@ main(int argc, char *argv[])
}
char *Uname, *Comm;
+uid_t *procuid;
pid_t Pid;
#define PREFIX(i) do { \
@@ -325,6 +333,7 @@ dofiles(struct kinfo_proc2 *kp)
#define filed filed0.fd_fd
Uname = user_from_uid(kp->p_uid, 0);
+ procuid = &kp->p_uid;
Pid = kp->p_pid;
Comm = kp->p_comm;
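Review bot: `procuid = &kp->p_uid;` stores a pointer into the caller's `kinfo_proc2` record in a file-scope variable (declared as `uid_t *procuid;` in the preceding hunk), so the later access check depends on that record staying valid and on `dofiles` having run first. Holding the value instead, with `uid_t procuid;` and `procuid = kp->p_uid;`, would remove the lifetime coupling and avoid a NULL dereference if the check is ever reached before `dofiles`. `dofiles` continues outside this hunk, so I cannot see whether any other path reaches the check.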
@@ -522,13 +531,22 @@ vtrans(struct vnode *vp, int i, int flag, struct file *fp)
}
default:
printf(" %8lld", (long long)fst.size);
- if (oflg)
- printf(":%-8lld", (long long)(fp? fp->f_offset : 0));
+ if (oflg) {
+ if (uid == 0 || uid == *procuid)
+ printf(":%-8lld", (long long)(fp? fp->f_offset : 0));
+ else
+ printf(":%-8s", "*");
+ }
+ }
+ if (sflg) {
+ if (uid == 0 || uid == *procuid) {
+ printf(" %8lld %8lld",
+ (long long)(fp? fp->f_rxfer + fp->f_wxfer : 0),
+ (long long)(fp? fp->f_rbytes + fp->f_wbytes : 0) / 1024);
+ } else {
+ printf(" %8s %8s", "*", "*");
+ }
}
- if (sflg)
- printf(" %8lld %8lld",
- (long long)(fp? fp->f_rxfer + fp->f_wxfer : 0),
- (long long)(fp? fp->f_rbytes + fp->f_wbytes : 0) / 1024);
if (filename && !fsflg)
printf(" %s", filename);
putchar('\n');
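Review bot: The visibility test `uid == 0 || uid == *procuid` is written out twice in this hunk, once under `oflg` and once under `sflg`, so a later policy change has to be made in both places or the two columns will drift apart. A small helper such as `static int can_see_io(void) { return (uid == 0 || uid == *procuid); }` would keep them in step. Because `uid` is set from `getuid()`, the test uses the invoker's real uid; a one-line comment stating that this is intentional would help the next reader. `vtrans` begins outside this hunk.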