Bug 25298

Summary: dmesg -a
Product: Base System
Reporter: mitsuru <mitsuru>
Component: bin
Assignee: GNATS administrator <gnats-admin>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 1.0-RELEASE   
Hardware: Any   
OS: Any   

Description mitsuru 2001-02-23 08:10:01 UTC
 Originator:     Mitsuru Yoshida
 Organization:   RIKEN
 Confidential:   no <FreeBSD PRs are public data>
 Synopsis:       using dmesg -a should be restricted
 Severity:       serious
 Priority:       medium
 Category:       bin
 Release:        FreeBSD 4.2-STABLE i386
 Class:          change-request
 Environment: 
 
 	FreeBSD 4.2-STABLE i386
 
 Description: 
 
 	Using dmesg -a, all data in the message buffer can be read by any user,
        and it may cause a security problem. Especially, all messages written to
        the console are stored in the message buffer during single user mode,
        and any user can read them later. The use of the -a option should be
        restricted to the root user.
 
 How-To-Repeat: 
 
 	dmesg -a
 
 Fix: 
 
 --- dmesg.c.dist	Wed Feb 21 10:00:26 2001
 +++ dmesg.c	Wed Feb 21 10:02:11 2001
 @@ -56,6 +56,7 @@
  #include <unistd.h>
  #include <vis.h>
  #include <sys/syslog.h>
 +#include <sys/types.h>
  
  struct nlist nl[] = {
  #define	X_MSGBUF	0
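
Review bot: the new #include <sys/types.h> is placed last, after <unistd.h>, <vis.h> and <sys/syslog.h>, which is out of order for a sys/ header. If it is there to supply uid_t for the cast in the next hunk, move it ahead of the other headers in the include list; since <unistd.h>, which declares getuid(), is already included here, also check whether the extra include is needed at all.
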
 @@ -87,6 +88,10 @@
  	while ((ch = getopt(argc, argv, "aM:N:")) != -1)
  		switch(ch) {
  		case 'a':
 +			if (getuid() != (uid_t)0) {
 +			  fprintf(stderr,"dmesg: must be root to get all data in the message buffer\n");
 +			  exit(1);
 +			}
  			all++;
  			break;
  		case 'M':
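
Review bot: the root check in case 'a' runs as soon as -a is parsed, before -M or -N have been seen, so it also refuses an unprivileged user who runs dmesg -a with -M on a core file they are allowed to read. Consider moving the check after the getopt loop and applying it only when neither -M nor -N was given. The check also lives only in this program's option handling, so it restricts the message buffer only if unprivileged users have no other way to read it, which these lines do not show. Style: the body of the added if is indented with two extra spaces where the surrounding code uses tabs, the fprintf call lacks a space after the comma and runs past 80 columns; errx(1, "must be root ...") from <err.h> would be shorter and adds the program name itself, if that header is acceptable here.
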
Comment 1 Poul-Henning Kamp freebsd_committer freebsd_triage 2001-03-19 19:23:36 UTC
State Changed
From-To: open->closed

duplicate