On Sat, Nov 07, 2015 at 05:52:53PM +0100, Gregor Best wrote:
> [...]
> I'm working on a fix.
> [...]
And here it is. I'm not entirely comfortable with it, since the kmem
group is only implied by the initgroups call, but I guess if someone
removes root from the kmem group on their system, they should be able to
live with the consequences.
Apart from that, does this patch make sense?
--
Gregor
Index: kvm_mkdb.c
===================================================================
RCS file: /mnt/media/cvs/src/usr.sbin/kvm_mkdb/kvm_mkdb.c,v
retrieving revision 1.25
diff -u -p -r1.25 kvm_mkdb.c
--- kvm_mkdb.c 5 Nov 2015 16:15:47 -0000 1.25
+++ kvm_mkdb.c 7 Nov 2015 17:02:40 -0000
@@ -40,6 +40,7 @@
#include <fcntl.h>
#include <libgen.h>
#include <paths.h>
+#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -64,6 +65,7 @@ int
main(int argc, char *argv[])
{
struct rlimit rl;
+ struct passwd *pw;
int fd, rval, ch, verbose = 0;
char *nlistpath, *nlistname;
char dbdir[PATH_MAX];
@@ -97,6 +99,14 @@ main(int argc, char *argv[])
if (argc > 1)
usage();
+
+ /* We need to be in the `kmem` group for the fchown() below to work
after
+ * pledge and during /etc/rc
+ */
+ if ((pw = getpwuid(0)) == NULL)
+ errx(1, "Can't get pw entry for UID 0");
+ if (initgroups(pw->pw_name, pw->pw_gid) == -1)
+ errx(1, "Can't set group IDs");
if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1)
err(1, "pledge");
