diff options
author | Xin LI <delphij@FreeBSD.org> | 2015-09-01 06:28:16 +0000 |
---|---|---|
committer | Xin LI <delphij@FreeBSD.org> | 2015-09-01 06:28:16 +0000 |
commit | 0a107daff70338b78e4e977fa350c63d08daa56d (patch) | |
tree | b07e881008b8530903d7956df6e165df1dc6ccf9 /usr.bin/bluetooth | |
parent | a3aeedabb444cd4353916ded1c41295a4b80125b (diff) | |
download | src-0a107daff70338b78e4e977fa350c63d08daa56d.tar.gz src-0a107daff70338b78e4e977fa350c63d08daa56d.zip |
Drop group privileges after opening the kvm descriptor, otherwise, the code
would not drop privileges as expected.
While there also add checks for the drop and bail out immediately if we
failed.
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=287345
Diffstat (limited to 'usr.bin/bluetooth')
-rw-r--r-- | usr.bin/bluetooth/btsockstat/btsockstat.c | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/usr.bin/bluetooth/btsockstat/btsockstat.c b/usr.bin/bluetooth/btsockstat/btsockstat.c index aa85286ee9d1..78f61279d47c 100644 --- a/usr.bin/bluetooth/btsockstat/btsockstat.c +++ b/usr.bin/bluetooth/btsockstat/btsockstat.c @@ -154,9 +154,9 @@ main(int argc, char *argv[]) * Discard setgid privileges if not the running kernel so that * bad guys can't print interesting stuff from kernel memory. */ - if (memf != NULL) - setgid(getgid()); + if (setgid(getgid()) != 0) + err(1, "setgid"); kvmd = kopen(memf); if (kvmd == NULL) @@ -583,15 +583,9 @@ kopen(char const *memf) kvm_t *kvmd = NULL; char errbuf[_POSIX2_LINE_MAX]; - /* - * Discard setgid privileges if not the running kernel so that - * bad guys can't print interesting stuff from kernel memory. - */ - - if (memf != NULL) - setgid(getgid()); - kvmd = kvm_openfiles(NULL, memf, NULL, O_RDONLY, errbuf); + if (setgid(getgid()) != 0) + err(1, "setgid"); if (kvmd == NULL) { warnx("kvm_openfiles: %s", errbuf); return (NULL); |