o Recent addition of (p1==p2) exception in p_candebug() permitted
  processes to attach debugging to themselves even though the
  global kern_unprivileged_procdebug_permitted policy might disallow
  this.
o Move the kern_unprivileged_procdebug_permitted check above the
  (p1==p2) check.

Reviewed by:	des
Robert Watson 2001-10-09 16:56:29 +00:00
parent 5162c5cc1e
commit 32d186043b


@ -1534,6 +1534,12 @@ p_candebug(struct proc *p1, struct proc *p2)
{
int error;
if (!kern_unprivileged_procdebug_permitted) {
error = suser_xxx(NULL, p1, PRISON_ROOT);
if (error)
return (error);
}
if (p1 == p2)
return (0);
@ -1547,8 +1553,9 @@ p_candebug(struct proc *p1, struct proc *p2)
if (p1->p_ucred->cr_uid != p2->p_ucred->cr_uid ||
p1->p_ucred->cr_uid != p2->p_ucred->cr_svuid ||
p1->p_ucred->cr_uid != p2->p_ucred->cr_ruid ||
p2->p_flag & P_SUGID || !kern_unprivileged_procdebug_permitted) {
if ((error = suser_xxx(0, p1, PRISON_ROOT)) != 0)
p2->p_flag & P_SUGID) {
error = suser_xxx(NULL, p1, PRISON_ROOT);
if (error)
return (error);
}
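Review bot: The new `if (!kern_unprivileged_procdebug_permitted)` block at the top of p_candebug() carries no comment saying it must stay ahead of the `if (p1 == p2)` shortcut, yet that ordering is the whole fix: with the shortcut first, a process could attach to itself regardless of the global policy. I would add above the block `/* Global policy check: must precede the p1 == p2 shortcut so self-attach cannot bypass it. */` so a later reordering does not reintroduce the bypass. The privilege check also passes `PRISON_ROOT`, so root inside a jail appears to satisfy it; if that is intended for this policy, the same comment should say so. The function body continues outside both hunks, so any checks between the shortcut and the credential comparison are not visible here.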