Re: bogon in 4.x memory device

From: Robert Watson (rwatson@freebsd.org)
Date: 09/25/01


Date: Tue, 25 Sep 2001 08:41:28 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
To: Alfred Perlstein <bright@mu.org>


Looks fine -- a similar change has been made in -CURRENT, although
fortunately in -CURRENT, kmem is no longer required for top to function,
as the sysctl MIB has been expanded. It would be better to MFC the
sysctl/top changes, from a practical security perspective, but this is
certainly the easier change.

Robert N M Watson FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org NAI Labs, Safeport Network Services

On Tue, 25 Sep 2001, Alfred Perlstein wrote:

> without this top(1) fails on machines with raised securelevel.
>
> can anyone review/comment?
>
> Reported by: brian j. peterson <rbw@myplace.org>
>
> Index: mem.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/alpha/alpha/mem.c,v
> retrieving revision 1.19.2.3
> diff -u -r1.19.2.3 mem.c
> --- mem.c 2000/05/14 00:29:44 1.19.2.3
> +++ mem.c 2001/09/25 06:55:30
> @@ -138,7 +138,7 @@
> switch (minor(dev)) {
> case 0:
> case 1:
> - if (securelevel >= 1)
> + if ((flags & FWRITE) && securelevel > 0)
> return (EPERM);
> break;
> case 32:
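
Review bot: The changed test under `case 0:` / `case 1:` now rejects only opens that carry FWRITE, so read-only opens of these two minors succeed at any securelevel, and nothing in the hunk documents that this is deliberate. A one-line comment above the `if` stating that reads are intentionally permitted at raised securelevel (top(1) being the reason given in the report) would keep a later reader from tightening it back. The move from `securelevel >= 1` to `securelevel > 0` is equivalent for an integer and unrelated to the fix, so keeping the original comparison would shrink the diff to the FWRITE condition alone. The patch touches only sys/alpha/alpha/mem.c; if other architectures' mem.c files carry the same test, they need the matching change so behaviour does not differ by platform.
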
>
>
> --
> -Alfred Perlstein [alfred@freebsd.org]
> 'Instead of asking why a piece of software is using "1970s technology,"
> start asking why software is ignoring 30 years of accumulated wisdom.'
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
