From 23c9f0d208459e8d55a1247aad85e8f6714bae83 Mon Sep 17 00:00:00 2001 From: Theo de Raadt Date: Sun, 4 Aug 2002 16:52:08 +0000 Subject: revoke privs earlier --- usr.bin/netstat/main.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/usr.bin/netstat/main.c b/usr.bin/netstat/main.c index 7d3aaea5240..9ec0f2be798 100644 --- a/usr.bin/netstat/main.c +++ b/usr.bin/netstat/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.32 2002/06/07 21:58:38 itojun Exp $ */ +/* $OpenBSD: main.c,v 1.33 2002/08/04 16:52:07 deraadt Exp $ */ /* $NetBSD: main.c,v 1.9 1996/05/07 02:55:02 thorpej Exp $ */ /* @@ -44,7 +44,7 @@ char copyright[] = #if 0 static char sccsid[] = "from: @(#)main.c 8.4 (Berkeley) 3/1/94"; #else -static char *rcsid = "$OpenBSD: main.c,v 1.32 2002/06/07 21:58:38 itojun Exp $"; +static char *rcsid = "$OpenBSD: main.c,v 1.33 2002/08/04 16:52:07 deraadt Exp $"; #endif #endif /* not lint */ @@ -404,6 +404,23 @@ main(argc, argv) argv += optind; argc -= optind; + /* + * Discard setgid privileges if not the running kernel so that bad + * guys can't print interesting stuff from kernel memory. + */ + if (nlistf != NULL || memf != NULL) { + setegid(getgid()); + setgid(getgid()); + } + + if ((kvmd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, + buf)) == NULL) { + fprintf(stderr, "%s: kvm_open: %s\n", __progname, buf); + exit(1); + } + setegid(getgid()); + setgid(getgid()); + #define BACKWARD_COMPATIBILITY #ifdef BACKWARD_COMPATIBILITY if (*argv) { @@ -422,23 +439,6 @@ main(argc, argv) } #endif - /* - * Discard setgid privileges if not the running kernel so that bad - * guys can't print interesting stuff from kernel memory. - */ - if (nlistf != NULL || memf != NULL) { - setegid(getgid()); - setgid(getgid()); - } - - if ((kvmd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, - buf)) == NULL) { - fprintf(stderr, "%s: kvm_open: %s\n", __progname, buf); - exit(1); - } - setegid(getgid()); - setgid(getgid()); - if (kvm_nlist(kvmd, nl) < 0 || nl[0].n_type == 0) { if (nlistf) fprintf(stderr, "%s: %s: no namelist\n", __progname, -- cgit v1.2.3