Bug 141852 - sysutils/fuser allows user to send any signal to any
Summary: sysutils/fuser allows user to send any signal to any
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Stanislav Sedov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-12-21 20:00 UTC by Denis Barov
Modified: 2009-12-21 21:56 UTC (History)
1 user (show)

See Also:


Attachments
file.diff (1.08 KB, patch)
2009-12-21 20:00 UTC, Denis Barov
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Denis Barov 2009-12-21 20:00:17 UTC
sysutils/fuser allows user to send any signal to any process when
installed with suid bit

Fix: patch:
How-To-Repeat: # chmod +s /usr/local/bin/fuser (as recommended in pkg-message)
% fuser -k /usr/sbin/syslogd
Comment 1 Edwin Groothuis freebsd_committer 2009-12-21 20:00:27 UTC
Responsible Changed
From-To: freebsd-ports-bugs->stas

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Denis Barov 2009-12-21 20:32:22 UTC
now I see, better way:



diff -urN fuser/files/patch-fuser.c.orig fuser/files/patch-fuser.c
--- fuser/files/patch-fuser.c.orig	1970-01-01 03:00:00.000000000 +0300
+++ fuser/files/patch-fuser.c	2009-12-21 22:52:36.000000000 +0300
@@ -0,0 +1,35 @@
+--- fuser.c.orig	2006-03-14 14:07:08.000000000 +0300
++++ fuser.c	2009-12-21 22:51:33.000000000 +0300
+@@ -608,6 +608,7 @@
+ 	char		*ep;
+ 	char		*kernimg = NULL; /* We are using curr. sys by default */
+ 	char		*mcore = NULL;
++  int     retvalue = 0;
+ 
+ 	while ((ch = getopt(argc, argv, "C:K:cfkms:u")) != -1)
+ 		switch(ch) {
+@@ -696,8 +697,13 @@
+ 			if (ufl != 0) {
+ 				print_file_info(pinfo->pid, \
+ 				    pinfo->uid, ufl);
+-				if ((flags & KFLAG) != 0)
+-					(void)kill(pinfo->pid, sig);
++				if ((flags & KFLAG) != 0) {
++            if (geteuid() == getuid() || pinfo->uid == getuid()) {
++              (void)kill(pinfo->pid, sig);
++            } else {
++              retvalue = 1;
++            }
++        } 
+ 			}
+ 		}
+ 		(void)fprintf(stderr, "\n");
+@@ -707,7 +713,7 @@
+ 	SLIST_FREE(&prclist, next, pinfo_free);
+ 	(void)kvm_close(kd);
+ 
+-	return 0;
++	return retvalue;
+ 		
+ }
+ 



-- 
Cheers
Denis Barov
Comment 3 dfilter service freebsd_committer 2009-12-21 21:49:47 UTC
stas        2009-12-21 21:49:39 UTC

  FreeBSD ports repository

  Modified files:
    sysutils/fuser       Makefile 
  Added files:
    sysutils/fuser/files extra::patch-nfs.c patch-fuser.c 
  Log:
  - Fix build on HEAD.
  - Do not allow the user to send signals to arbitrary processes if
    setuid binary is used.
  
  PR:             ports/141852
  Submitted by:   Denis Barov <dindin@dindin.ru>
  Security:       http://www.freebsd.org/ports/portaudit/4d6076fe-ee7a-11de-9cd0-001a926c7637.html
  
  Revision  Changes    Path
  1.10      +2 -2      ports/sysutils/fuser/Makefile
  1.1       +10 -0     ports/sysutils/fuser/files/extra::patch-nfs.c (new)
  1.1       +35 -0     ports/sysutils/fuser/files/patch-fuser.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 Stanislav Sedov freebsd_committer 2009-12-21 21:56:15 UTC
State Changed
From-To: open->closed

Committed. Thanks!