141852 – sysutils/fuser allows user to send any signal to any

Bug 141852 - sysutils/fuser allows user to send any signal to any

Summary: sysutils/fuser allows user to send any signal to any

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Stanislav Sedov

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-12-21 20:00 UTC by Denis Barov
Modified:	2009-12-21 21:56 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
file.diff (1.08 KB, patch) 2009-12-21 20:00 UTC, Denis Barov	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Denis Barov 2009-12-21 20:00:17 UTC

sysutils/fuser allows user to send any signal to any process when
installed with suid bit

Fix: patch:
How-To-Repeat: # chmod +s /usr/local/bin/fuser (as recommended in pkg-message)
% fuser -k /usr/sbin/syslogd

Comment 1 Edwin Groothuis freebsd_committer

2009-12-21 20:00:27 UTC

Responsible Changed
From-To: freebsd-ports-bugs->stas

Over to maintainer (via the GNATS Auto Assign Tool)

Comment 2 Denis Barov 2009-12-21 20:32:22 UTC

now I see, better way:



diff -urN fuser/files/patch-fuser.c.orig fuser/files/patch-fuser.c
--- fuser/files/patch-fuser.c.orig	1970-01-01 03:00:00.000000000 +0300
+++ fuser/files/patch-fuser.c	2009-12-21 22:52:36.000000000 +0300
@@ -0,0 +1,35 @@
+--- fuser.c.orig	2006-03-14 14:07:08.000000000 +0300
++++ fuser.c	2009-12-21 22:51:33.000000000 +0300
+@@ -608,6 +608,7 @@
+ 	char		*ep;
+ 	char		*kernimg = NULL; /* We are using curr. sys by default */
+ 	char		*mcore = NULL;
++  int     retvalue = 0;
+ 
+ 	while ((ch = getopt(argc, argv, "C:K:cfkms:u")) != -1)
+ 		switch(ch) {
+@@ -696,8 +697,13 @@
+ 			if (ufl != 0) {
+ 				print_file_info(pinfo->pid, \
+ 				    pinfo->uid, ufl);
+-				if ((flags & KFLAG) != 0)
+-					(void)kill(pinfo->pid, sig);
++				if ((flags & KFLAG) != 0) {
++            if (geteuid() == getuid() || pinfo->uid == getuid()) {
++              (void)kill(pinfo->pid, sig);
++            } else {
++              retvalue = 1;
++            }
++        } 
+ 			}
+ 		}
+ 		(void)fprintf(stderr, "\n");
+@@ -707,7 +713,7 @@
+ 	SLIST_FREE(&prclist, next, pinfo_free);
+ 	(void)kvm_close(kd);
+ 
+-	return 0;
++	return retvalue;
+ 		
+ }
+ 



-- 
Cheers
Denis Barov

Comment 3 dfilter service freebsd_committer

2009-12-21 21:49:47 UTC

stas        2009-12-21 21:49:39 UTC

  FreeBSD ports repository

  Modified files:
    sysutils/fuser       Makefile 
  Added files:
    sysutils/fuser/files extra::patch-nfs.c patch-fuser.c 
  Log:
  - Fix build on HEAD.
  - Do not allow the user to send signals to arbitrary processes if
    setuid binary is used.
  
  PR:             ports/141852
  Submitted by:   Denis Barov <dindin@dindin.ru>
  Security:       http://www.freebsd.org/ports/portaudit/4d6076fe-ee7a-11de-9cd0-001a926c7637.html
  
  Revision  Changes    Path
  1.10      +2 -2      ports/sysutils/fuser/Makefile
  1.1       +10 -0     ports/sysutils/fuser/files/extra::patch-nfs.c (new)
  1.1       +35 -0     ports/sysutils/fuser/files/patch-fuser.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"

Comment 4 Stanislav Sedov freebsd_committer

2009-12-21 21:56:15 UTC

State Changed
From-To: open->closed

Committed. Thanks!