[MacPorts] #37766: htop: binary should be installed SGID procmod, not SUID root
MacPorts
noreply at macports.org
Mon Jan 28 11:13:46 PST 2013
#37766: htop: binary should be installed SGID procmod, not SUID root
------------------------------+----------------------
Reporter: michael.klein@… | Owner: cal@…
Type: defect | Status: reopened
Priority: High | Milestone:
Component: ports | Version: 2.1.2
Resolution: | Keywords: haspatch
Port: htop |
------------------------------+----------------------
Comment (by michael.klein@…):
Replying to [comment:12 raimue@…]:
> Replying to [comment:11 cal@…]:
> > Please do not close this issue until we have discussed if (and how)
> > full functionality of htop can be restored without SUID root.
>
> I doubt this can be restored. For example, `/bin/ps` is also configured
> as SUID root.
So just leave it SUID root then and add additional checks in the code? I
can think of four places that need an additional check:
* killing processes (obviously)
* raising/lowering priority
* the call to lsof(8)
* the call to strace (doesn't exist in OS X, check still required)
I'm attaching a patch to close these holes, but I'm not sure if there are
more :-/
> According to man page taskgated(8), legacy versions of OS X granted
> permissions for procmod and procview. I am not even sure whether the group
> procmod does anything useful at the moment. I did not notice a change in
> the behavior of htop whether the permissions are ''root:procmod 2755'' or
> ''root:admin 0755''.
I can't speak for recent versions, but on 10.5, memory information is only
shown for the htop process itself in the second case.
--
Ticket URL: <https://trac.macports.org/ticket/37766#comment:14>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
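
Added example (not the patch attached to the ticket and not htop's own code): a C sketch of the kind of checks the comment lists for a SUID-root binary, where the kernel authorizes kill(2) and exec'd helpers against the effective UID (root), so the program itself has to compare against the real UID. All function names are hypothetical, target_uid is assumed to come from the program's own process table, and the renice rule is a simplified policy.

```c
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <unistd.h>

/* Policy: the invoking (real) user may act on a process only if the
 * program was started by root or the target belongs to that user. */
int caller_may_act(uid_t real_uid, uid_t target_uid)
{
    return real_uid == 0 || real_uid == target_uid;
}

/* A lower nice value means a higher priority. Only real root may lower
 * it; an ordinary user may only raise the nice value of own processes. */
int caller_may_renice(uid_t real_uid, uid_t target_uid,
                      int old_nice, int new_nice)
{
    if (!caller_may_act(real_uid, target_uid))
        return 0;
    return real_uid == 0 || new_nice >= old_nice;
}

/* Guarded kill: refuse before the syscall, because with euid 0 the
 * kernel itself would allow signalling any process. */
int guarded_kill(pid_t pid, uid_t target_uid, int sig)
{
    if (!caller_may_act(getuid(), target_uid)) {
        errno = EPERM;
        return -1;
    }
    return kill(pid, sig);
}

/* Call in the forked child before exec'ing a helper such as lsof or
 * strace, so the helper runs as the invoking user and not as root. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: after setuid() we may no longer be allowed to. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the drop is permanent: regaining root must fail. */
    if (ruid != 0 && (setuid(0) == 0 || geteuid() == 0))
        return -1;
    return 0;
}
```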