The kvm_bsd.db file only needs to be readable by programs that are
setgid kmem. This is not much of an info leak since any user can read
/bsd (or in many cases download a copy), but moving forward it would
be nice to patch these leaks up one by one.
A few kmem grovelers appear to still work afterwards.
Index: kvm_mkdb.c
===================================================================
RCS file: /cvs/src/usr.sbin/kvm_mkdb/kvm_mkdb.c,v
retrieving revision 1.18
diff -u -p -r1.18 kvm_mkdb.c
--- kvm_mkdb.c 20 Jul 2014 01:38:40 -0000 1.18
+++ kvm_mkdb.c 16 Dec 2014 19:22:54 -0000
@@ -31,6 +31,9 @@
#include <sys/param.h>
#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
#include <db.h>
#include <err.h>
@@ -42,10 +45,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/resource.h>
+#include <grp.h>
#include "extern.h"
@@ -131,6 +131,7 @@ kvm_mkdb(int fd, const char *dbdir, char
DB *db;
char dbtemp[MAXPATHLEN], dbname[MAXPATHLEN];
int r;
+ struct group *gr;
r = snprintf(dbtemp, sizeof(dbtemp), "%skvm_%s.tmp",
dbdir, nlistname);
@@ -155,7 +156,7 @@ kvm_mkdb(int fd, const char *dbdir, char
(void)umask(0);
db = dbopen(dbtemp, O_CREAT | O_EXLOCK | O_TRUNC | O_RDWR,
- S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH, DB_HASH, &openinfo);
+ S_IRUSR | S_IWUSR | S_IRGRP, DB_HASH, &openinfo);
if (db == NULL) {
warn("can't dbopen %s", dbtemp);
return(1);
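Review bot: Nothing at the dbopen() call says why the file is no longer world-readable, or that the group-read bit only becomes useful once the later chown to kmem succeeds. A short comment above the call, e.g. `/* 0640: owner and group only; group is set to kmem once the db is written */`, would keep a later cleanup from restoring S_IROTH. The enclosing `if (db == NULL)` block and the rest of kvm_mkdb continue outside the hunk.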
@@ -167,6 +168,14 @@ kvm_mkdb(int fd, const char *dbdir, char
}
if (db->close(db)) {
warn("can't dbclose %s", dbtemp);
+ (void)unlink(dbtemp);
+ return(1);
+ }
+
+ if ((gr = getgrnam("kmem")) == NULL) {
+ warn("can't find kmem group");
+ } else if (chown(dbtemp, -1, gr->gr_gid)) {
+ warn("can't chown %s", dbtemp);
(void)unlink(dbtemp);
return(1);
}
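Review bot: The `getgrnam("kmem")` failure branch calls `warn()`, which appends strerror(errno), but getgrnam() need not set errno when the entry simply does not exist, so the message can carry an unrelated error string; `warnx("can't find kmem group");` fits better. That branch also falls through, so the file stays mode 0640 with whatever group it was created with, and setgid-kmem readers will presumably be unable to open it; if this best-effort behaviour is intended, a comment should say so. Separately, the chown is done by path after `db->close(db)`; calling `fchown(db->fd(db), -1, gr->gr_gid)` before the close would set the group on the file that was actually opened rather than on whatever the name refers to at that moment. kvm_mkdb's body continues outside the hunk.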