ports/141852: sysutils/fuser allows user to send any signal to any
Denis Barov
dindin at dindin.ru
Mon Dec 21 20:00:18 UTC 2009
>Number: 141852
>Category: ports
>Synopsis: sysutils/fuser allows user to send any signal to any
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 21 20:00:17 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Denis Barov
>Release: FreeBSD 7.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD sepulca.yandex.ru 7.2-STABLE FreeBSD 7.2-STABLE #0 r197611M: Tue Oct 20 00:15:11 MSD 2009 root at ysbackup2.yandex.ru:/opt/tmp/mk_pkg.QZ1mnqtI/obj/i386/opt/usr/SVN/7/sys/SEPULCA i386
>Description:
sysutils/fuser allows user to send any signal to any process when
installed with suid bit
>How-To-Repeat:
# chmod +s /usr/local/bin/fuser (as recommended in pkg-message)
% fuser -k /usr/sbin/syslogd
>Fix:
patch:
diff -urN fuser/files/patch-fuser.c fuser/files/patch-fuser.c
--- fuser/files/patch-fuser.c.orig 1970-01-01 03:00:00.000000000 +0300
+++ fuser/files/patch-fuser.c 2009-12-21 22:52:36.000000000 +0300
@@ -0,0 +1,35 @@
+--- fuser.c.orig 2006-03-14 14:07:08.000000000 +0300
++++ fuser.c 2009-12-21 22:51:33.000000000 +0300
+@@ -608,6 +608,7 @@
+ char *ep;
+ char *kernimg = NULL; /* We are using curr. sys by default */
+ char *mcore = NULL;
++ int retvalue = 0;
+
+ while ((ch = getopt(argc, argv, "C:K:cfkms:u")) != -1)
+ switch(ch) {
+@@ -696,8 +697,13 @@
+ if (ufl != 0) {
+ print_file_info(pinfo->pid, \
+ pinfo->uid, ufl);
+- if ((flags & KFLAG) != 0)
+- (void)kill(pinfo->pid, sig);
++ if ((flags & KFLAG) != 0) {
++ if (geteuid() == getuid()) {
++ (void)kill(pinfo->pid, sig);
++ } else {
++ retvalue = 1;
++ }
++ }
+ }
+ }
+ (void)fprintf(stderr, "\n");
+@@ -707,7 +713,7 @@
+ SLIST_FREE(&prclist, next, pinfo_free);
+ (void)kvm_close(kd);
+
+- return 0;
++ return retvalue;
+
+ }
+
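Review bot: In the fuser.c hunk at @@ -696, the `geteuid() == getuid()` test refuses every `-k` request whenever the binary runs with an effective uid different from the caller's, including signals aimed at the caller's own processes, and it refuses them silently. Consider dropping the effective uid back to `getuid()` before the loop that calls `kill()` (the kvm descriptor closed by `kvm_close(kd)` is already open by then), so the kernel's own permission check on kill(2) decides per target. If the equality test is kept, print a diagnostic to stderr in the `else` branch, because `retvalue = 1` alone gives the caller a non-zero exit status with no reason. The result of `(void)kill(pinfo->pid, sig);` is also still discarded, so a kill that fails is reported through `return retvalue;` as success.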
>Release-Note:
>Audit-Trail:
>Unformatted:
>process when installed with suid bit