NetBSD Problem Report #53651
From leot@netbsd.org Fri Oct 5 12:48:27 2018
Return-Path: <leot@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 9803C7A18A
for <gnats-bugs@gnats.NetBSD.org>; Fri, 5 Oct 2018 12:48:27 +0000 (UTC)
Message-Id: <20181005124827.4AE3F84D7B@mail.netbsd.org>
Date: Fri, 5 Oct 2018 12:48:27 +0000 (UTC)
From: Leonardo Taccari <leot@NetBSD.org>
Reply-To: Leonardo Taccari <leot@NetBSD.org>
To: gnats-bugs@NetBSD.org
Subject: sockstat(1) no longer list information when invoked as user
X-Send-Pr-Version: 3.95
>Number: 53651
>Category: bin
>Synopsis: sockstat(1) no longer list information when invoked as user
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Oct 05 12:50:00 +0000 2018
>Closed-Date: Sat Dec 15 12:32:34 +0000 2018
>Last-Modified: Sat Dec 15 12:32:34 +0000 2018
>Originator: Leonardo Taccari
>Release: NetBSD 8.99.25
>Organization:
>Environment:
System: NetBSD boh 8.99.25 NetBSD 8.99.25 (GENERIC) #0: Sat Sep 22 11:37:18 CEST 2018 leot@boh:/usr/obj/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
When invoked as non-privileged user sockstat(1) no longer
lists any information.
However, it works as expected when invoked by `root'.
>How-To-Repeat:
% sockstat
>Fix:
N/A (Sorry!)
>Release-Note:
>Audit-Trail:
From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: re: bin/53651: sockstat(1) no longer list information when invoked as user
Date: Sun, 07 Oct 2018 05:45:13 +1100
AFAICT, the only reason the unpriv'd tools fail now is that they
can't compare values from different sysctl's to ensure they have
the right thing. christos' expose_addr hack is a good workaround
for when this problem occurs, but it would be much nicer if we
were able to give these sysctls some cookie pointer value that
is comparable with others, but doesn't reveal any kva.
it's not that the kernel is re-using addresses from the userland,
but only that two addresses are identical.
.mrg.
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/53651: sockstat(1) no longer list information when invoked
as user
Date: Sat, 6 Oct 2018 20:54:36 +0200
On Sat, Oct 06, 2018 at 06:50:01PM +0000, matthew green wrote:
> for when this problem occurs, but it would be much nicer if we
> were able to give these sysctls some cookie pointer value that
> is comparable with others, but doesn't reveal any kva.
And if that cookie calculation has non-negligible cost, make the sysctl
a threeway: 0 = no info, 1 = "expensive" cookies, 2 = kernel address.
Martin
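
The comparable-but-opaque cookie that mrg describes, combined with Martin's three-way setting, as an added sketch in C; it is not part of the thread and not NetBSD's code. The names `export_addr`, `same_socket`, `cookie_key` and the `EXPOSE_*` values are hypothetical, and SipHash-2-4 is an assumed choice of keyed function.

```c
#include <stdint.h>

/* Martin's three-way knob: 0 = no info, 1 = cookies, 2 = raw kernel address. */
enum expose_mode { EXPOSE_NONE, EXPOSE_COOKIE, EXPOSE_ADDRESS };

/* Hypothetical secret; a kernel would fill it from its RNG once at boot. */
struct cookie_key { uint64_t k0, k1; };

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do {                                              \
	v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32);  \
	v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2;                     \
	v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0;                     \
	v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32);  \
} while (0)

/* SipHash-2-4 of one 64-bit word (an 8-byte little-endian message). */
static uint64_t
siphash24_u64(const struct cookie_key *k, uint64_t m)
{
	uint64_t v0 = k->k0 ^ 0x736f6d6570736575ULL;
	uint64_t v1 = k->k1 ^ 0x646f72616e646f6dULL;
	uint64_t v2 = k->k0 ^ 0x6c7967656e657261ULL;
	uint64_t v3 = k->k1 ^ 0x7465646279746573ULL;
	const uint64_t last = 8ULL << 56;	/* final block: length byte only */

	v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
	v3 ^= last; SIPROUND; SIPROUND; v0 ^= last;
	v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
	return v0 ^ v1 ^ v2 ^ v3;
}

/* What a sysctl handler would copy out in place of the pointer field. */
uint64_t
export_addr(enum expose_mode mode, const struct cookie_key *k, uint64_t kva)
{
	if (kva == 0 || mode == EXPOSE_NONE)
		return 0;
	return mode == EXPOSE_ADDRESS ? kva : siphash24_u64(k, kva);
}

/* Userland side: join a file-table record to a PCB record by equality only. */
int
same_socket(uint64_t file_id, uint64_t pcb_id)
{
	return file_id != 0 && file_id == pcb_id;
}
```

As long as every sysctl that exports the pointer goes through the same function with the same key, an unprivileged tool can still match records from different sysctls, while the value it sees is not the kva.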
State-Changed-From-To: open->closed
State-Changed-By: leot@NetBSD.org
State-Changed-When: Sat, 15 Dec 2018 12:32:34 +0000
State-Changed-Why:
Fixed by <christos> by introduction of kern.expose_address via:
cvs rdiff -u -r1.217 -r1.218 src/sys/kern/init_sysctl.c \
src/sys/kern/kern_proc.c
cvs rdiff -u -r1.237 -r1.238 src/sys/kern/kern_descrip.c
cvs rdiff -u -r1.48 -r1.49 src/sys/secmodel/suser/secmodel_suser.c
cvs rdiff -u -r1.80 -r1.81 src/sys/sys/kauth.h
cvs rdiff -u -r1.278 -r1.279 src/sys/sys/systm.h
...and:
cvs rdiff -u -r1.131 -r1.132 src/share/man/man7/sysctl.7
Thank you Christos!
>Unformatted: