Author: delphij
Date: Tue Sep 1 06:28:16 2015
New Revision: 287345
URL: https://svnweb.freebsd.org/changeset/base/287345
Log:
Drop group privileges after opening the kvm descriptor, otherwise, the code
would not drop privileges as expected.
While there also add checks for the drop and bail out immediately if we
failed.
MFC after: 3 days
Modified:
head/usr.bin/bluetooth/btsockstat/btsockstat.c
Modified: head/usr.bin/bluetooth/btsockstat/btsockstat.c
==============================================================================
--- head/usr.bin/bluetooth/btsockstat/btsockstat.c Tue Sep 1 06:21:12
2015 (r287344)
+++ head/usr.bin/bluetooth/btsockstat/btsockstat.c Tue Sep 1 06:28:16
2015 (r287345)
@@ -154,9 +154,9 @@ main(int argc, char *argv[])
* Discard setgid privileges if not the running kernel so that
* bad guys can't print interesting stuff from kernel memory.
*/
-
if (memf != NULL)
- setgid(getgid());
+ if (setgid(getgid()) != 0)
+ err(1, "setgid");
kvmd = kopen(memf);
if (kvmd == NULL)
@@ -583,15 +583,9 @@ kopen(char const *memf)
kvm_t *kvmd = NULL;
char errbuf[_POSIX2_LINE_MAX];
- /*
- * Discard setgid privileges if not the running kernel so that
- * bad guys can't print interesting stuff from kernel memory.
- */
-
- if (memf != NULL)
- setgid(getgid());
-
kvmd = kvm_openfiles(NULL, memf, NULL, O_RDONLY, errbuf);
+ if (setgid(getgid()) != 0)
+ err(1, "setgid");
if (kvmd == NULL) {
warnx("kvm_openfiles: %s", errbuf);
return (NULL);
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"
