Re: Wmmon under FreeBSD
Subject: Re: Wmmon under FreeBSD
From: Ajax (ajax LINWORTH.ORG)
Date: Tue Dec 21 1999 - 14:35:34 CST
- Next message: Bayard G. Bell: "Re: Groupewise Web Interface"
- Previous message: Brock Tellier: "Re: SCO OpenServer Security Status"
- In reply to: Steve Reid: "Wmmon under FreeBSD"
- Next in thread: Dominic Mitchell: "Re: Wmmon under FreeBSD"
- Reply: Ajax: "Re: Wmmon under FreeBSD"
- Reply: Dominic Mitchell: "Re: Wmmon under FreeBSD"
On Tue, 21 Dec 1999, Steve Reid wrote:
>Wmmon is a popular program for monitoring CPU load and other system
>utilization. It runs as a dockapp under WindowMaker.
>
>The FreeBSD version of this program has a feature that can be trivially
>exploited to gain group kmem in recent installs, or user root in really
>old installs. This affects the FreeBSD version because under FreeBSD the
>program must be installed setgid kmem or setuid root in order to access
>system load information through the memory devices. The Linux version
>should not be vulnerable because it reads information through procfs
>which requires no special privileges.
> <snip>
An alternative solution would be to read such information from kernfs,
usually (although optionally) mounted at /kern. kernfs is the *bsd
equivalent to many of the files in Linux's /proc. This would, of
course, require the app to be rewritten to use /kern instead of
/dev/kmem, but well worth it in my opinion.
I should like to know why more apps don't require the *bsd {proc,kern}fs
interface. They were, after all, designed to reduce the need for read
access to /dev/kmem.
.a.j.a.x.
vxgas.linworth.org
"You can run Java applets from anyone, anywhere, in complete safety"
- Charles L. Perkins, "Teach Yourself Java in 21 Days"
3:24PM up 83 days, 8:26, 1 user, load averages: 0.09, 0.10, 0.08
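Added example, not part of the original message or of wmmon: a C sketch of the kernfs approach suggested above, reading the load average through an ordinary file read so the binary needs neither setgid kmem nor setuid root. It assumes the 4.4BSD kernfs loadavg layout (three fixed-point load values followed by the scale factor, in decimal ASCII); the function names are hypothetical and the sample line is constructed.

```c
#include <stdio.h>

/* Parse "l1 l5 l15 fscale\n" as exposed by kernfs (assumed layout).
 * Returns 0 on success, -1 on malformed or implausible input. */
int parse_kern_loadavg(const char *line, double out[3])
{
    long v[3], fscale;
    char trailing;
    /* The final " %c" only converts if non-space junk follows the 4 fields. */
    int n = sscanf(line, "%ld %ld %ld %ld %c",
                   &v[0], &v[1], &v[2], &fscale, &trailing);
    if (n != 4)
        return -1;            /* too few fields, or trailing garbage */
    if (fscale <= 0)
        return -1;            /* avoid dividing by a bogus scale factor */
    for (int i = 0; i < 3; i++) {
        if (v[i] < 0)
            return -1;
        out[i] = (double)v[i] / (double)fscale;
    }
    return 0;
}

/* Read the file (for example /kern/loadavg) with the caller's own
 * credentials; no /dev/kmem access and no elevated group is involved. */
int read_kern_loadavg(const char *path, double out[3])
{
    char buf[128];
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;            /* kernfs is optional and may not be mounted */
    if (fgets(buf, sizeof buf, f) == NULL) {
        fclose(f);
        return -1;
    }
    fclose(f);
    return parse_kern_loadavg(buf, out);
}

int main(int argc, char **argv)
{
    double la[3];
    const char *sample = "184 204 163 2048\n";   /* constructed sample */
    int rc = (argc > 1) ? read_kern_loadavg(argv[1], la)
                        : parse_kern_loadavg(sample, la);
    if (rc != 0) {
        fprintf(stderr, "could not read load average\n");
        return 1;
    }
    printf("load averages: %.2f, %.2f, %.2f\n", la[0], la[1], la[2]);
    return 0;
}
```

Because kernfs is optionally mounted, a caller has to treat a failed open as "no data" rather than falling back to a privileged path.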
This archive was generated by hypermail 2b27 : Wed Dec 22 1999 - 12:04:39 CST