SUMMARY: top-3.0 under Solaris 2.x

From: Robert Ruge (robert@deakin.edu.au)
Date: Fri Jul 16 1993 - 01:38:30 CDT


----------
X-Sun-Data-Type: text
X-Sun-Data-Description: text
X-Sun-Data-Name: text
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 35

The original query was:

> I have been running top-3.0 under Solaris 2.1 and 2.2 and it runs as
> expected under root but for any user no processes show up. All of the
> load values look OK but no process table. Any suggestions?

Most people suggested that it was a problem with ownerships and permission
on the top binary which it in fact turned out to be. In Solaris the binary
has to be able to read the /proc filesystem and it can only do this as root.
The proper modes are:

-rwsr-sr-x 1 root sys 51720 Jul 15 15:49 /opt/local/bin/top

HOWEVER, doing this opens up a huge security hole in that anybody can
now kill ANY process that they want. I then found a set of patches for top
that reported to set up some sort of security to stop this. These patches
were lifted from a version for the DELL SVR4 release. THESE PATCHES DO NOT
WORK due to an error in the way the process table is incremented through for
Solaris 2.x.

Below I have included my patches that fix this hole and now restrict users
to killing their own processes.

Thanks to the following people for their responses:

boole.att.com!tommy (Tommy Reingold)
jones@hermes.chpc.utexas.edu
npc@minotaur.Jpl.Nasa.Gov (Nick Christenson, Jet Propulsion Laboratory)
Craig Warren <C.Warren@deakin.edu.au>
peters@nms.otc.com.au (Peter Samuel)
Casper Dik <casper@fwi.uva.nl>
strombrg@hydra.acs.uci.edu
markus@octavia.anu.edu.au (Markus Buchhorn)
adamfox@super.org (Adam Fox)

----------
X-Sun-Data-Type: default
X-Sun-Data-Description: default
X-Sun-Data-Name: top-3.0.patch
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 127

*** m_sunos5.c Thu Jul 15 15:42:05 1993
--- m_sunos5.c.orig Thu Jul 15 15:41:29 1993
***************
*** 9,19 ****
   * [From <ucbinclude/sys/resource.h>]
   * -DPRIO_MIN=-20 -DPRIO_MAX=20 -DSVR4
   *
- * SECURITY: The end of this module contains the patch to commands.c and
- * top.c to add some sort of security. Apply the patches, add -DSECURITY_OPTION
- * to CFLAGS and recompile. This patch is essentialy a verbatim port of
- * DELL's security mechanism from top 2.1.
- *
   * LIBS: -lelf -lc
   *
   * AUTHOR: Robert Boucher <boucher@sofkin.ca>
--- 9,14 ----
***************
*** 886,936 ****
          tsp->ts_upri = prio;
          return priocntl(P_PID, who, PC_SETPARMS, &parms);
  }
-
- #ifdef SECURITY_OPTION
- #include <sys/resource.h> /* for PRIO_PROCESS */
-
- #define ROOT_ID 0
- #define NICE_VALUE 10
- #define TRUE 1
- #define FALSE 0
-
- int not_su;
- int real_uid;
-
- /* if su return ok, else check to see if it's our process */
- /* if it's ours ok, else -1 */
- check_secure(procnum)
- int procnum;
- {
- register struct prpsinfo *p;
- register int i;
-
- if (not_su) {
- for (i=0,p=pbase;i<nproc;i++,p = (struct prpsinfo *)((char *)p + PRPSINFOSIZE))
- {
- if ( p->pr_pid == procnum )
- {
- return( (p->pr_uid == real_uid) ? 0 : -1);
- }
- }
- return(-1);
- } else return(0);
- }
-
- /* find out if we're really the superuser or just pretending */
- init_secure()
- {
- /* get real uid and find out if it's really root */
- real_uid=getuid();
-
- not_su = (real_uid != ROOT_ID) ? TRUE : FALSE;
- }
-
- nice_us()
- {
- setpriority(PRIO_PROCESS, getpid(), NICE_VALUE);
- }
-
- #endif /* SECURITY_OPTION */
-
--- 881,883 ----
*** commands.c Thu Jul 15 15:45:33 1993
--- commands.c.orig Thu Jul 15 15:40:27 1993
***************
*** 21,27 ****
  #include <signal.h>
  #include <sys/time.h>
  #include <sys/resource.h>
- #include <sys/errno.h>
  #include "sigdesc.h" /* generated automatically */
  #include "boolean.h"
  
--- 21,26 ----
***************
*** 391,400 ****
          {
              ERROR(str, 0);
          }
- else if (check_secure(procnum) == -1)
- {
- ERROR(str, EPERM);
- }
          else if (kill(procnum, signum) == -1)
          {
              /* chalk up an error */
--- 390,395 ----
***************
*** 456,465 ****
          if (scanint(str, &procnum) == -1)
          {
              ERROR(str, 0);
- }
- else if (check_secure(procnum) == -1)
- {
- ERROR(str, EPERM);
          }
          else if (setpriority(PRIO_PROCESS, procnum, prio) == -1)
          {
--- 451,456 ----
*** top.c Thu Jul 15 15:45:11 1993
--- top.c.orig Thu Jul 15 15:40:28 1993
***************
*** 307,320 ****
          else
          {
              topn_specified = Yes;
-
- nice_us();
-
          }
  #endif
      }
-
- init_secure();
  
      /* initialize the kernel memory interface */
      if (machine_init(&statics) == -1)
--- 307,315 ----



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:01 CDT