#37766: htop: binary should be installed SGID procmod, not SUID root ------------------------------+---------------------- Reporter: michael.klein@… | Owner: cal@… Type: defect | Status: reopened Priority: High | Milestone: Component: ports | Version: 2.1.2 Resolution: | Keywords: haspatch Port: htop | ------------------------------+---------------------- Comment (by michael.klein@…): Replying to [comment:12 raimue@…]:
Replying to [comment:11 cal@…]:
Please do not close this issue until we have discussed if (and how) full functionality of htop can be restored without SUID root.
I doubt this can be restored. For example, `/bin/ps` is also configured as SUID root.
So just leave it SUID root then and add additional checks in the code? I can think of four places that need an additional check: * killing processes (obviously) * raising/lowering priority * the call to lsof(8) * the call to strace (doesn't exist in OS X, check still required) I'm attaching a patch to close these holes, but I'm not sure if there are more :-/
According to man page taskgated(8), legacy versions of OS X granted permissions for procmod and procview. I am not even sure whether the group procmod does anything useful at the moment. I did not notice a change in the behavior of htop whether the permissions are ''root:procmod 2755'' or ''root:admin 0755''.
I can't speak for recent versions, but on 10.5, memory information is only shown for the htop process itself in the second case. -- Ticket URL: <https://trac.macports.org/ticket/37766#comment:14> MacPorts <http://www.macports.org/> Ports system for Mac OS