From mitsuru@zebu.riken.go.jp  Fri Feb 23 00:01:51 2001
Return-Path: <mitsuru@zebu.riken.go.jp>
Received: from zebu.riken.go.jp (zebu.riken.go.jp [134.160.20.73])
	by hub.freebsd.org (Postfix) with SMTP id A194037B401
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 23 Feb 2001 00:01:50 -0800 (PST)
	(envelope-from mitsuru@zebu.riken.go.jp)
Received: (qmail 37122 invoked by uid 123); 23 Feb 2001 08:02:01 -0000
Message-Id: <20010223080201.37121.qmail@zebu.riken.go.jp>
Date: 23 Feb 2001 08:02:01 -0000
From: mitsuru@riken.go.jp
Reply-To: mitsuru@riken.go.jp
To: FreeBSD-gnats-submit@freebsd.org
Subject: dmesg -a
X-Send-Pr-Version: 3.2

>Number:         25298
>Category:       bin
>Synopsis:       dmesg -a
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 23 00:10:01 PST 2001
>Closed-Date:    Mon Mar 19 11:23:36 PST 2001
>Last-Modified:  Wed Oct 26 06:35:58 GMT 2005
>Originator:     
>Release:        
>Organization:
>Environment:
>Description:
 Originator:     Mitsuru Yoshida
 Organization:   RIKEN
 Confidential:   no <FreeBSD PRs are public data>
 Synopsis:       using dmesg -a should be restricted
 Severity:       serious
 Priority:       medium
 Category:       bin
 Release:        FreeBSD 4.2-STABLE i386
 Class:          change-request
 Environment: 
 
 	FreeBSD 4.2-STABLE i386
 
 Description: 
 
 	Using dmesg -a, all data in the message buffer can be read by any user,
        and it may cause a security problem. Especially, all messages written to
        the console are stored in the message buffer during single user mode,
        and any user can read them later. The use of the -a option should be
        restricted to the root user.
 
 How-To-Repeat: 
 
 	dmesg -a
 
 Fix: 
 
 --- dmesg.c.dist	Wed Feb 21 10:00:26 2001
 +++ dmesg.c	Wed Feb 21 10:02:11 2001
 @@ -56,6 +56,7 @@
  #include <unistd.h>
  #include <vis.h>
  #include <sys/syslog.h>
 +#include <sys/types.h>
  
  struct nlist nl[] = {
  #define	X_MSGBUF	0
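Review bot: the added `#include <sys/types.h>` at the end of the include block looks unnecessary, because `<unistd.h>`, already included three lines above it, declares both getuid() and uid_t. If it is kept for older build environments, move it ahead of the other headers instead of after `<sys/syslog.h>`, since sys/types.h conventionally comes first so that later headers can rely on its types.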
 @@ -87,6 +88,10 @@
  	while ((ch = getopt(argc, argv, "aM:N:")) != -1)
  		switch(ch) {
  		case 'a':
 +			if (getuid() != (uid_t)0) {
 +			  fprintf(stderr,"dmesg: must be root to get all data in the message buffer\n");
 +			  exit(1);
 +			}
  			all++;
  			break;
  		case 'M':
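Review bot: the root check sits inside `case 'a':`, so it fires during option parsing no matter what else is on the command line. The getopt string also accepts `M:` and `N:`, which in dmesg select a saved core file and kernel image, so `dmesg -a -M core -N system` would be refused even though it reads files the caller supplied and not the running kernel's buffer. Consider only recording the flag in the loop (`all++`) and doing the getuid() test once after getopt() has finished, and only when no -M was given. Two smaller points: the added lines are indented with tabs plus two spaces where the surrounding code uses tabs only, and the fprintf()/exit() pair could be a single errx(1, ...) from <err.h>, which prefixes the program name itself so "dmesg: " need not be hard-coded in the message.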
 
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Mon Mar 19 11:23:36 PST 2001 
State-Changed-Why:  
duplicate 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25298 
>Unformatted:
