Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site uwvax.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!genrad!panda!talcott!harvard!seismo!uwvax!dave
From: dave@uwvax.UUCP (Dave Cohrs)
Newsgroups: net.unix-wizards
Subject: Re: ps problem (watch out)
Message-ID: <316@uwvax.UUCP>
Date: Wed, 18-Sep-85 19:31:38 EDT
Article-I.D.: uwvax.316
Posted: Wed Sep 18 19:31:38 1985
Date-Received: Fri, 20-Sep-85 06:40:42 EDT
References: <845@burl.UUCP> <783@lsuc.UUCP> <1530@umcp-cs.UUCP> <706@whuxl.UUCP>
Organization: U of Wisconsin CS Dept
Lines: 27

> > Actually, ``ps'' and other kernel-grubbers should generally be
> > setgid (not setuid) to a special group that can read the appropriate
> > files.
> 
> But you have to be careful:  most ps's let you specify which namelist,
> swap, and core files to open (-n,-s,-c in SV), and you don't want to
> open them with gid sys.
  [ more detail deleted, your news-reading program can find it, I'm sure ]

The simplest way to ensure this protection is (assuming setgid=sys program):
1) open("/dev/kmem", 0);
2) open("/dev/drum", 0); /* or your favorite swap device */
3) setgid(getgid());
4) open("namelist", 0);

...

This way, the protected files get accessed correctly, while the namelist
and all following work get done as joe-user.  Of course, to have extra
protection, you could do a stat() on the namelist file and make sure
it's owned by root or something to guarantee against bogus namelists.

-- 
Dave Cohrs
(608) 262-1204
...!{harvard,ihnp4,seismo,topaz}!uwvax!dave
dave@wisc-romano.arpa
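
An added example, not part of the original post: the four-step ordering and the suggested ownership check written out as a small C program. The function names, the use of fstat() on the already-open descriptor instead of stat() on the path, and the extra refusal of group- or world-writable namelists are assumptions of this sketch.

```c
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Steps 1-3: open the protected devices while the effective gid is still
 * privileged, then drop to the real gid. Returns 0 on success, -1 on failure. */
int open_protected_then_drop(const char *kmem, const char *swap, int fds[2])
{
    fds[0] = open(kmem, O_RDONLY);
    fds[1] = open(swap, O_RDONLY);
    /* Drop before touching anything the user named, and confirm it took.
     * (On POSIX, a non-root process keeps its saved set-group-ID here.) */
    if (setgid(getgid()) == 0 && getegid() == getgid() &&
        fds[0] >= 0 && fds[1] >= 0)
        return 0;
    if (fds[0] >= 0) close(fds[0]);
    if (fds[1] >= 0) close(fds[1]);
    fds[0] = fds[1] = -1;
    return -1;
}

/* Step 4 plus the ownership check: open as the invoking user, then fstat()
 * the descriptor rather than the path, so the file checked is the file read. */
int open_namelist_checked(const char *path, uid_t trusted_owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != trusted_owner || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fds[2];
    if (argc < 2 || open_protected_then_drop("/dev/kmem", "/dev/drum", fds) != 0)
        return 1;
    return open_namelist_checked(argv[1], 0) < 0; /* 0 = root-owned namelist */
}
```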