CVS commit: [netbsd-9] src/usr.bin/sockstat

Sun, 13 Sep 2020 05:01:18 -0700 

Module Name:    src
Committed By:   martin
Date:           Sun Sep 13 12:00:46 UTC 2020

Modified Files:
        src/usr.bin/sockstat [netbsd-9]: Makefile sockstat.c

Log Message:
Pull up following revision(s) (requested by kim in ticket #1079):

        usr.bin/sockstat/sockstat.c: revision 1.22
        usr.bin/sockstat/Makefile: revision 1.5
        usr.bin/sockstat/Makefile: revision 1.6

RR/54971: scole_mail: sockstat command output incorrect for normal
user As the PR hints, it is not enough to have kern.expose_address=1
to see kernel addresses, we also need to have the PK_KMEM bit set
which we achieve by installing sockstat setgid kmem and opening
and closing /dev/mem. (/usr/src/sys/kern/kern_proc.c:311). It is
unfortunate that we need to give the program more privilege, to
prove to the kernel that we have the privilege to see the data.

turn on fortify since it is setgid (from scole_mail)


To generate a diff of this commit:
cvs rdiff -u -r1.3.46.1 -r1.3.46.2 src/usr.bin/sockstat/Makefile
cvs rdiff -u -r1.20.2.1 -r1.20.2.2 src/usr.bin/sockstat/sockstat.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/usr.bin/sockstat/Makefile
diff -u src/usr.bin/sockstat/Makefile:1.3.46.1 src/usr.bin/sockstat/Makefile:1.3.46.2
--- src/usr.bin/sockstat/Makefile:1.3.46.1	Mon Aug 19 16:01:52 2019
+++ src/usr.bin/sockstat/Makefile	Sun Sep 13 12:00:45 2020
@@ -1,8 +1,11 @@
-#	$NetBSD: Makefile,v 1.3.46.1 2019/08/19 16:01:52 martin Exp $
+#	$NetBSD: Makefile,v 1.3.46.2 2020/09/13 12:00:45 martin Exp $
 
 .include <bsd.own.mk>
 
 RUMPPRG=	sockstat
+BINGRP= kmem
+BINMODE=2555
+USE_FORT?= yes # setgid
 
 .PATH:  ${.CURDIR}/../../lib/libc/gen
 CPPFLAGS+= -DRUMP_ACTION

Index: src/usr.bin/sockstat/sockstat.c
diff -u src/usr.bin/sockstat/sockstat.c:1.20.2.1 src/usr.bin/sockstat/sockstat.c:1.20.2.2
--- src/usr.bin/sockstat/sockstat.c:1.20.2.1	Mon Aug 19 16:01:52 2019
+++ src/usr.bin/sockstat/sockstat.c	Sun Sep 13 12:00:45 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: sockstat.c,v 1.20.2.1 2019/08/19 16:01:52 martin Exp $ */
+/*	$NetBSD: sockstat.c,v 1.20.2.2 2020/09/13 12:00:45 martin Exp $ */
 
 /*
  * Copyright (c) 2005 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: sockstat.c,v 1.20.2.1 2019/08/19 16:01:52 martin Exp $");
+__RCSID("$NetBSD: sockstat.c,v 1.20.2.2 2020/09/13 12:00:45 martin Exp $");
 #endif
 
 #define _KMEMUSER
@@ -179,6 +179,11 @@ main(int argc, char *argv[])
 	if (prog_init && prog_init() == -1)
 		err(1, "init");
 
+	/* Not used, but we set the PK_KMEM flag like this */
+	int fd = open("/dev/mem", O_RDONLY);
+	if (fd == -1)
+		err(EXIT_FAILURE, "Can't open `/dev/mem'");
+	close(fd);
 	if ((portmap != NULL) && (pf_list == 0)) {
 		pf_list = PF_LIST_INET;
 #ifdef INET6

Reply via email to