ps problem (watch out)
Ben Pennington
brp at starfire.UUCP
Fri Oct 11 13:31:30 AEST 1985
> > > Actually, ``ps'' and other kernel-grubbers should generally be
> > > setgid (not setuid) to a special group that can read the appropriate
> > > files.
> >
> > But you have to be careful: most ps's let you specify which namelist,
> > swap, and core files to open (-n,-s,-c in SV), and you don't want to
> > open them with gid sys.
> [ more detail deleted, your news-reading program can find it, I'm sure ]
>
> The simplest way to ensure this protection is (assuming setgid=sys program):
> 1) open("/dev/kmem", 0)
> 2) open("/dev/drum", 0) /* or your favorite swap device */
> 3) setgid(getgid());
> 4) open("namelist", 0);
>
> ...
>
> This way, the protected files get accessed correctly, while the namelist
> and all following work get done as joe-user. Of course, to have extra
> protection, you could do a stat() on the namelist file and make sure
> it's owned by root or something to guarantee against bogus namelists.
>
> --
> Dave Cohrs
> (608) 262-1204
> ...!{harvard,ihnp4,seismo,topaz}!uwvax!dave
> dave at wisc-romano.arpa
gfgoiurtoituoerut t
n
q
ZZ
*** REPLACE THIS LINE WITH YOUR MESSAGE ***
More information about the Comp.unix.wizards
mailing list