Bugtraq mailing list archives
Re: Wmmon under FreeBSD
From: ajax () LINWORTH ORG (Ajax)
Date: Tue, 21 Dec 1999 15:35:34 -0500
On Tue, 21 Dec 1999, Steve Reid wrote:

> Wmmon is a popular program for monitoring CPU load and other system utilization. It runs as a dockapp under WindowMaker. The FreeBSD version of this program has a feature that can be trivially exploited to gain group kmem in recent installs, or user root in really old installs. This affects the FreeBSD version because under FreeBSD the program must be installed setgid kmem or setuid root in order to access system load information through the memory devices. The Linux version should not be vulnerable because it reads information through procfs which requires no special privileges.

<snip>

An alternative solution would be to read such information from kernfs,
usually (although optionally) mounted at /kern. kernfs is the *bsd
equivalent to many of the files in linux's /proc. This would, of
course, require the app to be rewritten to use /kern instead of
/dev/kmem, but well worth it in my opinion.

I should like to know why more apps don't require the *bsd {proc,kern}fs
interface. They were, after all, designed to reduce the need for read
access to /dev/kmem.
.a.j.a.x. @ vxgas.linworth.org
"You can run Java applets from anyone, anywhere, in complete safety"
- Charles L. Perkins, "Teach Yourself Java in 21 Days"
3:24PM up 83 days, 8:26, 1 user, load averages: 0.09, 0.10, 0.08
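
Added example, not part of either poster's message: the thread concerns monitoring tools installed setgid kmem or setuid root, and this POSIX shell function lists files under a directory that carry either privilege so they can be reviewed. The function name `audit_priv_bins` and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: inventory files that run with the privileges discussed in
# the thread (setuid root, or setgid to the group that can read /dev/kmem).
#
# Usage: audit_priv_bins DIR [GROUP]
#   DIR    directory tree to scan (for example a local bin directory)
#   GROUP  group name or numeric gid to look for on setgid files;
#          defaults to "kmem". The name audit_priv_bins is hypothetical.
#
# Output: one line per finding, "<label><TAB><path>", where label is
# "setuid-root" or "setgid-<GROUP>".
audit_priv_bins() {
    dir=$1
    grp=${2:-kmem}

    # Files with the setuid bit (04000) that are owned by root.
    find "$dir" -type f -perm -4000 -user root -print 2>/dev/null |
        while IFS= read -r f; do
            printf 'setuid-root\t%s\n' "$f"
        done

    # Files with the setgid bit (02000) whose group is GROUP.
    # If GROUP does not exist on this system, find reports an error
    # (suppressed here) and nothing is listed for this class.
    find "$dir" -type f -perm -2000 -group "$grp" -print 2>/dev/null |
        while IFS= read -r f; do
            printf 'setgid-%s\t%s\n' "$grp" "$f"
        done
}
```

Each path reported is a program whose bugs are reachable with root or kmem privileges, which makes it a candidate for the unprivileged-interface rewrite suggested above.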
