From mitsuru@zebu.riken.go.jp  Fri Feb 23 23:17:39 2001
Return-Path: <mitsuru@zebu.riken.go.jp>
Received: from zebu.riken.go.jp (zebu.riken.go.jp [134.160.20.73])
	by hub.freebsd.org (Postfix) with SMTP id 5A92C37B401
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 23 Feb 2001 23:17:37 -0800 (PST)
	(envelope-from mitsuru@zebu.riken.go.jp)
Received: (qmail 74600 invoked by uid 123); 24 Feb 2001 07:17:51 -0000
Message-Id: <20010224071751.74599.qmail@zebu.riken.go.jp>
Date: 24 Feb 2001 07:17:51 -0000
From: mitsuru@riken.go.jp
Reply-To: mitsuru@riken.go.jp
To: FreeBSD-gnats-submit@freebsd.org
Subject: dmesg -a
X-Send-Pr-Version: 3.2

>Number:         25336
>Category:       bin
>Synopsis:       dmesg -a
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 23 23:20:00 PST 2001
>Closed-Date:    Mon Nov 19 15:18:52 PST 2001
>Last-Modified:  Tue Nov 27 18:35:07 PST 2001
>Originator:     
>Release:        
>Organization:
>Environment:
>Description:
 Submitter-Id:   current-users
 Originator:     Mitsuru Yoshida
 Organization:   RIKEN
 Confidential:   no
 Synopsis:       dmesg -a should be restricted 
 Severity:       serious
 Priority:       medium
 Category:       bin
 Release:        FreeBSD 4.2-STABLE i386
 Class:          change-request
 Environment: 
 
         FreeBSD 4.2-STABLE i386
 
 Description: 
 
         Using dmesg -a, any user can get all data in the message buffer, 
         and it may cause a security problem. Especially, all messages written to 
         the console are stored in the message buffer during single user mode,
         and any user can get them later. The use of the -a option should be 
         restricted to the root user.
 
 How-To-Repeat: 
 
 	dmesg -a
 
 Fix: 
 
 --- dmesg.c.dist	Wed Feb 21 10:00:26 2001
 +++ dmesg.c	Wed Feb 21 10:02:11 2001
 @@ -56,6 +56,7 @@
  #include <unistd.h>
  #include <vis.h>
  #include <sys/syslog.h>
 +#include <sys/types.h>
  
  struct nlist nl[] = {
  #define	X_MSGBUF	0
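
Review bot: The added `#include <sys/types.h>` is placed after `<sys/syslog.h>` at the end of the include list, which is the wrong position for it. `<sys/...>` headers belong at the top of the list, with `<sys/types.h>` ahead of the other system headers. The context lines also show `<unistd.h>` already included, which declares getuid() and uid_t, so check whether this include is needed at all. If it stays, move it to the head of the include block.
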
 @@ -87,6 +88,10 @@
  	while ((ch = getopt(argc, argv, "aM:N:")) != -1)
  		switch(ch) {
  		case 'a':
 +			if (getuid() != (uid_t)0) {
 +			  fprintf(stderr,"dmesg: must be root to get all data in the message buffer\n");
 +			  exit(1);
 +			}
  			all++;
  			break;
  		case 'M':
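
Review bot: The root check in `case 'a':` runs inside the getopt loop, before `-M` and `-N` have been seen, so it also refuses `-a` when the user is reading a core file and kernel image they supplied rather than the live kernel (assuming `-M`/`-N` keep their documented meaning). Record the flag here and do the privilege test after option parsing, only when the live message buffer is being read. Two smaller points: `getuid()` tests the real uid, so state whether that or `geteuid()` is intended, and the new lines use two-space indentation and a line over 80 columns where the surrounding code uses tabs; `errx(1, "must be root ...")` would be the usual form for the error exit.
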
 
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: phk 
Responsible-Changed-When: Wed Apr 4 00:38:57 PDT 2001 
Responsible-Changed-Why:  
over to bugs 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25336 
State-Changed-From-To: open->closed 
State-Changed-By: iedowse 
State-Changed-When: Mon Nov 19 15:18:52 PST 2001 
State-Changed-Why:  

Duplicate of bin/25337, which has more information in the audit 
trail. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=25336 
>Unformatted:
