[MacPorts] #37766: htop: binary should be installed SGID procmod, not SUID root
MacPorts
noreply at macports.org
Mon Jan 28 05:58:06 PST 2013
#37766: htop: binary should be installed SGID procmod, not SUID root
------------------------------+----------------------
Reporter: michael.klein@… | Owner: cal@…
Type: defect | Status: reopened
Priority: High | Milestone:
Component: ports | Version: 2.1.2
Resolution: | Keywords: haspatch
Port: htop |
------------------------------+----------------------
Comment (by raimue@…):
Replying to [comment:11 cal@…]:
> Please do not close this issue until we have discussed if (and how) full
> functionality of htop can be restored without SUID root.
I doubt this can be restored. For example, `/bin/ps` is also configured as
SUID root. If you lower its permissions it only shows the base name in
parentheses for processes of other users. As far as I checked, both are
using `task_for_pid()` and `task_info()`, which are restricted to root or
signed applications (via authorization policies controlled by taskgated(8)
using rules from `/etc/authorization`).
According to man page taskgated(8), legacy versions of OS X granted
permissions for procmod and procview. I am not even sure whether the group
procmod does anything useful at the moment. I did not notice a change in
the behavior of htop whether the permissions are ''root:procmod 2755'' or
''root:admin 0755''.
--
Ticket URL: <https://trac.macports.org/ticket/37766#comment:12>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
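An added example, not part of the ticket or of the htop port: a small C audit helper that reports which elevation an installed binary gets from its owner, group and mode bits, in the same `owner:group mode` form the comment uses. The names `classify_mode` and `audit_binary` are hypothetical, and the helper reads only the file metadata; whether membership in a group such as procmod grants anything is decided by taskgated, as the comment describes.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <pwd.h>
#include <grp.h>

/* Elevation an executable gains from its mode bits and ownership (bitmask). */
enum elevation { ELEV_NONE = 0, ELEV_SGID = 1, ELEV_SUID = 2, ELEV_SUID_ROOT = 4 };

/* Pure classifier over the permission bits and the owning uid. */
int classify_mode(mode_t mode, uid_t owner)
{
    int r = ELEV_NONE;
    if (mode & S_ISUID)
        r |= (owner == 0) ? ELEV_SUID_ROOT : ELEV_SUID;
    if (mode & S_ISGID)
        r |= ELEV_SGID;
    return r;
}

/* Stat a regular file and write "owner:group mode" into out.
 * Returns the elevation bitmask, or -1 if the path cannot be audited. */
int audit_binary(const char *path, char *out, size_t outlen)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    struct passwd *pw = getpwuid(st.st_uid);
    struct group *gr = getgrgid(st.st_gid);
    snprintf(out, outlen, "%s:%s %04o",
             pw ? pw->pw_name : "?", gr ? gr->gr_name : "?",
             (unsigned)(st.st_mode & 07777));
    return classify_mode(st.st_mode, st.st_uid);
}

int main(int argc, char **argv)
{
    char desc[128];
    for (int i = 1; i < argc; i++) {
        int e = audit_binary(argv[i], desc, sizeof desc);
        if (e < 0) { printf("%s: cannot audit\n", argv[i]); continue; }
        printf("%s: %s%s%s%s\n", argv[i], desc,
               (e & ELEV_SUID_ROOT) ? " [SUID root]" : "",
               (e & ELEV_SUID) ? " [SUID non-root]" : "",
               (e & ELEV_SGID) ? " [SGID]" : "");
    }
    return 0;
}
```

Run it against the installed htop binary and `/bin/ps` to confirm which of the modes discussed in the ticket is actually in effect after an upgrade.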