Pick up kernel variables/constants using sysctl rather than through /dev/mem
Use /dev/null when opening the kvm library; we no longer need access to /dev/mem. ps can now run without the setgid(kmem) bit. If it runs without that bit, it will not be able to show argv/envp for another uid's processes unless you are root.
parent
6658078ab3
commit
167a14bcd4
@ -31,93 +31,24 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
#if 0
|
||||
static char sccsid[] = "@(#)nlist.c 8.4 (Berkeley) 4/2/94";
|
||||
#endif
|
||||
static const char rcsid[] =
|
||||
"$Id$";
|
||||
#endif /* not lint */
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/resource.h>
|
||||
|
||||
#include <err.h>
|
||||
#include <errno.h>
|
||||
#include <kvm.h>
|
||||
#include <nlist.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "ps.h"
|
||||
|
||||
struct nlist psnl[] = {
|
||||
{"_fscale"},
|
||||
#define X_FSCALE 0
|
||||
{"_ccpu"},
|
||||
#define X_CCPU 1
|
||||
{"_avail_start"},
|
||||
#define X_AVAILSTART 2
|
||||
{"_avail_end"},
|
||||
#define X_AVAILEND 3
|
||||
{NULL}
|
||||
};
|
||||
|
||||
fixpt_t ccpu; /* kernel _ccpu variable */
|
||||
int nlistread; /* if nlist already read. */
|
||||
int mempages; /* number of pages of phys. memory */
|
||||
int fscale; /* kernel _fscale variable */
|
||||
|
||||
extern kvm_t *kd;
|
||||
|
||||
#define kread(x, v) \
|
||||
kvm_read(kd, psnl[x].n_value, (char *)&v, sizeof v) != sizeof(v)
|
||||
|
||||
int
|
||||
donlist()
|
||||
{
|
||||
int rval;
|
||||
int tmp;
|
||||
|
||||
rval = 0;
|
||||
nlistread = 1;
|
||||
if (kvm_nlist(kd, psnl)) {
|
||||
nlisterr(psnl);
|
||||
eval = 1;
|
||||
if (sysctlbyname("kern.ccpu", &ccpu, sizeof ccpu, 0, 0) < 0)
|
||||
return (1);
|
||||
}
|
||||
if (kread(X_FSCALE, fscale)) {
|
||||
warnx("fscale: %s", kvm_geterr(kd));
|
||||
eval = rval = 1;
|
||||
}
|
||||
if (kread(X_AVAILEND, mempages)) {
|
||||
warnx("avail_start: %s", kvm_geterr(kd));
|
||||
eval = rval = 1;
|
||||
}
|
||||
if (kread(X_AVAILSTART, tmp)) {
|
||||
warnx("avail_end: %s", kvm_geterr(kd));
|
||||
eval = rval = 1;
|
||||
}
|
||||
mempages -= tmp;
|
||||
mempages /= PAGE_SIZE;
|
||||
if (kread(X_CCPU, ccpu)) {
|
||||
warnx("ccpu: %s", kvm_geterr(kd));
|
||||
eval = rval = 1;
|
||||
}
|
||||
return (rval);
|
||||
}
|
||||
|
||||
void
|
||||
nlisterr(nl)
|
||||
struct nlist nl[];
|
||||
{
|
||||
int i;
|
||||
|
||||
(void)fprintf(stderr, "ps: nlist: can't find following symbols:");
|
||||
for (i = 0; nl[i].n_name != NULL; i++)
|
||||
if (nl[i].n_value == 0)
|
||||
(void)fprintf(stderr, " %s", nl[i].n_name);
|
||||
(void)fprintf(stderr, "\n");
|
||||
if (sysctlbyname("kern.fscale", &fscale, sizeof fscale, 0, 0) < 0)
|
||||
return (1);
|
||||
if (sysctlbyname("hw.availpages", &mempages, sizeof mempages, 0, 0) < 0)
|
||||
return (1);
|
||||
nlistread = 1;
|
||||
return (0);
|
||||
}
|
||||
|
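Review bot: All three `sysctlbyname()` calls in the new `donlist()` pass `sizeof ccpu`, `sizeof fscale` and `sizeof mempages` as the third argument, but sysctl(3) declares that parameter as `size_t *oldlenp`, a pointer to the buffer length. If that prototype applies in this tree, the kernel receives a small integer as an address, so the call either fails or compiles only with a pointer-conversion warning. Each call should pass a length variable, e.g. `size_t len = sizeof ccpu;` followed by `if (sysctlbyname("kern.ccpu", &ccpu, &len, NULL, 0) < 0)`, and could also check that `len` still equals the variable's size afterwards. The visible include list has no `<sys/sysctl.h>`, so the prototype may not be in scope to catch this; worth confirming. The failure paths also return 1 without a `warn()` naming the sysctl that failed, where the removed code reported each symbol.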
14
bin/ps/ps.c
14
bin/ps/ps.c
@ -42,7 +42,7 @@ static char const copyright[] =
|
||||
static char sccsid[] = "@(#)ps.c 8.4 (Berkeley) 4/2/94";
|
||||
#endif
|
||||
static const char rcsid[] =
|
||||
"$Id$";
|
||||
"$Id: ps.c,v 1.24 1998/05/15 06:29:17 charnier Exp $";
|
||||
#endif /* not lint */
|
||||
|
||||
#include <sys/param.h>
|
||||
@ -121,7 +121,7 @@ main(argc, argv)
|
||||
dev_t ttydev;
|
||||
pid_t pid;
|
||||
uid_t uid;
|
||||
int all, ch, flag, i, fmt, lineno, nentries;
|
||||
int all, ch, flag, i, fmt, lineno, nentries, dropgid;
|
||||
int prtheader, wflag, what, xflg;
|
||||
char *nlistf, *memf, *swapf, errbuf[_POSIX2_LINE_MAX];
|
||||
|
||||
@ -142,7 +142,8 @@ main(argc, argv)
|
||||
pid = -1;
|
||||
uid = (uid_t) -1;
|
||||
ttydev = NODEV;
|
||||
memf = nlistf = swapf = NULL;
|
||||
dropgid = 0;
|
||||
memf = nlistf = swapf = _PATH_DEVNULL;
|
||||
while ((ch = getopt(argc, argv,
|
||||
#if defined(LAZY_PS)
|
||||
"aCcefghjLlM:mN:O:o:p:rSTt:U:uvW:wx")) != -1)
|
||||
@ -182,12 +183,14 @@ main(argc, argv)
|
||||
break;
|
||||
case 'M':
|
||||
memf = optarg;
|
||||
dropgid = 1;
|
||||
break;
|
||||
case 'm':
|
||||
sortby = SORTMEM;
|
||||
break;
|
||||
case 'N':
|
||||
nlistf = optarg;
|
||||
dropgid = 1;
|
||||
break;
|
||||
case 'O':
|
||||
parsefmt(o1);
|
||||
@ -260,6 +263,7 @@ main(argc, argv)
|
||||
break;
|
||||
case 'W':
|
||||
swapf = optarg;
|
||||
dropgid = 1;
|
||||
break;
|
||||
case 'w':
|
||||
if (wflag)
|
||||
@ -293,8 +297,10 @@ main(argc, argv)
|
||||
* Discard setgid privileges if not the running kernel so that bad
|
||||
* guys can't print interesting stuff from kernel memory.
|
||||
*/
|
||||
if (nlistf != NULL || memf != NULL || swapf != NULL)
|
||||
if (dropgid) {
|
||||
setgid(getgid());
|
||||
setuid(getuid());
|
||||
}
|
||||
|
||||
kd = kvm_openfiles(nlistf, memf, swapf, O_RDONLY, errbuf);
|
||||
if (kd == 0)
|
||||
|
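Review bot: The return values of `setgid(getgid())` and `setuid(getuid())` inside the `if (dropgid)` block are ignored. If either call fails, ps continues to `kvm_openfiles()` on the caller-supplied -M/-N/-W paths while still holding its elevated group. Both should be checked, with exit on failure, e.g. `if (setgid(getgid()) != 0 || setuid(getuid()) != 0) err(1, "cannot drop privileges");` (assuming `<err.h>` is already included in ps.c). The drop now relies on `dropgid` being set in every option case that assigns `memf`, `nlistf` or `swapf`, so a comment at `dropgid = 0;` such as `/* must be set by any option that replaces a kvm file path */` would record that invariant. main() begins and ends outside these hunks, so other assignments to those variables are not visible here.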