mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-27 05:21:08 +01:00
Drop privileges if not using standard namelist or kernel file.
Submitted by: smpatel (Sujal Patel)
This commit is contained in:
parent
5110a08c3c
commit
66e5b18f29
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=15993
@ -179,6 +179,13 @@ main(argc, argv)
|
||||
_res.retrans = 2; /* resolver timeout to 2 seconds per try */
|
||||
_res.retry = 1; /* only try once.. */
|
||||
|
||||
/*
|
||||
* Discard setgid privileges if not the running kernel so that bad
|
||||
* guys can't print interesting stuff from kernel memory.
|
||||
*/
|
||||
if (nlistf != NULL || memf != NULL)
|
||||
setgid(getgid());
|
||||
|
||||
if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf)) == NULL)
|
||||
errx(1, "%s", errbuf);
|
||||
|
||||
|
@ -22,7 +22,7 @@
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
static char rcsid[] = "$Id: slstat.c,v 1.3 1994/11/19 13:57:21 jkh Exp $";
|
||||
static char rcsid[] = "$Id: slstat.c,v 1.4 1995/05/30 03:52:30 rgrimes Exp $";
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
@ -132,6 +132,13 @@ main(argc, argv)
|
||||
kflag++;
|
||||
}
|
||||
}
|
||||
/*
|
||||
* Discard setgid privileges if not the running kernel so that bad
|
||||
* guys can't print interesting stuff from kernel memory.
|
||||
*/
|
||||
if (system != NULL || kmemf != NULL)
|
||||
setgid(getgid());
|
||||
|
||||
kvm_h = kvm_openfiles(system, kmemf, NULL, O_RDONLY, errbuf);
|
||||
if (kvm_h == 0) {
|
||||
(void)fprintf(stderr,
|
||||
|
Loading…
Reference in New Issue
Block a user