NetBSD Problem Report #45037
From www@NetBSD.org Thu Jun 9 23:20:44 2011
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id E709D63C783
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 9 Jun 2011 23:20:43 +0000 (UTC)
Message-Id: <20110609232043.1E80963BA4F@www.NetBSD.org>
Date: Thu, 9 Jun 2011 23:20:43 +0000 (UTC)
From: alnsn@NetBSD.org
Reply-To: alnsn@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: Content of net.bpf.peers is available to non-root via fstat(1)
X-Send-Pr-Version: www-1.0
>Number: 45037
>Category: kern
>Synopsis: Content of net.bpf.peers is available to non-root via fstat(1)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jun 09 23:25:00 +0000 2011
>Originator: Alexander Nasonov
>Release: 5.99.52 amd64
>Organization:
home sweet home
>Environment:
NetBSD nebeda.localdomain 5.99.52 NetBSD 5.99.52 (GENERIC) #0: Wed Jun 8 23:47:33 BST 2011 root@nebeda.localdomain:/home/alnsn/src/netbsd-current/src/sys/arch/amd64/compile/obj/GENERIC amd64
>Description:
net.bpf.peers is available only to root, but some content
is available to non-root via the fstat(1) command.
>How-To-Repeat:
[screen pts/2] id nobody
uid=32767(nobody) gid=39(nobody) groups=39(nobody)
[screen pts/2] sudo -u nobody netstat -B
netstat: sysctl: net.bpf.peers: Operation not permitted
[screen pts/2] sudo -u root netstat -B
Active BPF peers
PID    Int   Recv  Drop  Capt  Flags  Bufsize  Comm
25908  nfe0  584   0     108   IP-SH  524288   tcpdump
[screen pts/2] sudo -u nobody fstat|grep bpf
_tcpdump tcpdump 25908 5* bpf rec=613, dr=0, cap=116, pid=25908, promisc, seesent, idle
>Fix:
not known
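
Added example (not part of the original report and not NetBSD code): a regression check for the mismatch shown in How-To-Repeat. It extracts bpf descriptors from fstat(1) output and flags the case where `netstat -B` was refused to the same user; the function names and the non-bpf sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the PR. Field names follow the fstat line quoted in it.

# Sample input: the bpf line is the one in the report; the header and the
# "nobody" entry are constructed filler to show other descriptors are skipped.
SAMPLE_FSTAT='USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
nobody   sh           412   wd /             2 drwxr-xr-x     512 r
_tcpdump tcpdump 25908 5* bpf rec=613, dr=0, cap=116, pid=25908, promisc, seesent, idle'

# Read fstat output on stdin; print one record per bpf descriptor, named
# after the columns of the root-only `netstat -B` listing.
leaked_bpf_peers() {
    awk '$5 == "bpf" {
        recv = drop = capt = owner = flags = ""
        detail = $0
        # Drop USER CMD PID FD and the "bpf" tag; the rest is a comma list.
        sub(/^[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +bpf +/, "", detail)
        n = split(detail, item, /, */)
        for (i = 1; i <= n; i++) {
            if      (item[i] ~ /^rec=/) recv  = substr(item[i], 5)
            else if (item[i] ~ /^dr=/)  drop  = substr(item[i], 4)
            else if (item[i] ~ /^cap=/) capt  = substr(item[i], 5)
            else if (item[i] ~ /^pid=/) owner = substr(item[i], 5)
            else flags = (flags == "" ? item[i] : flags "," item[i])
        }
        printf "pid=%s comm=%s recv=%s drop=%s capt=%s flags=%s\n",
            owner, $2, recv, drop, capt, flags
    }'
}

# $1: exit status of `netstat -B` run as the same unprivileged user.
# stdin: fstat output captured as that user.
# Prints EXPOSED plus the records when the sysctl was refused but fstat
# still reveals bpf peers; prints OK otherwise.
bpf_peers_exposure() {
    peers=$(leaked_bpf_peers)
    if [ "$1" -ne 0 ] && [ -n "$peers" ]; then
        echo "EXPOSED"
        echo "$peers"
    else
        echo "OK"
    fi
}

# Live use on the host under test, as an unprivileged user:
#   netstat -B >/dev/null 2>&1; st=$?; fstat | bpf_peers_exposure "$st"
printf '%s\n' "$SAMPLE_FSTAT" | bpf_peers_exposure 1
```

The counters differ between the two commands in the report only because they were sampled at different times; the check therefore keys on the presence of bpf records rather than on matching values.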