[MacPorts] #37766: htop: binary should be installed SGID procmod, not SUID root

MacPorts noreply at macports.org
Mon Jan 28 11:13:46 PST 2013


#37766: htop: binary should be installed SGID procmod, not SUID root
------------------------------+----------------------
  Reporter:  michael.klein@…  |      Owner:  cal@…
      Type:  defect           |     Status:  reopened
  Priority:  High             |  Milestone:
 Component:  ports            |    Version:  2.1.2
Resolution:                   |   Keywords:  haspatch
      Port:  htop             |
------------------------------+----------------------

Comment (by michael.klein@…):

 Replying to [comment:12 raimue@…]:
 > Replying to [comment:11 cal@…]:
 > > Please do not close this issue until we have discussed if (and how)
 > > full functionality of htop can be restored without SUID root.
 >
 > I doubt this can be restored. For example, `/bin/ps` is also configured
 > as SUID root.

 So just leave it SUID root then and add additional checks in the code?  I
 can think of four places that need an additional check:

 * killing processes (obviously)
 * raising/lowering priority
 * the call to lsof(8)
 * the call to strace (doesn't exist in OS X, check still required)

 I'm attaching a patch to close these holes, but I'm not sure if there are
 more :-/

 > According to man page taskgated(8), legacy versions of OS X granted
 > permissions for procmod and procview. I am not even sure whether the group
 > procmod does anything useful at the moment. I did not notice a change in
 > the behavior of htop whether the permissions are ''root:procmod 2755'' or
 > ''root:admin 0755''.

 I can't speak for recent versions, but on 10.5, memory information is only
 shown for the htop process itself in the second case.

-- 
Ticket URL: <https://trac.macports.org/ticket/37766#comment:14>
MacPorts <http://www.macports.org/>
Ports system for Mac OS

