d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revision 1.4 set access for all sensitive files in /proc/<PID> to mode 0

Browse Source 
if a process's uid or gid has changed, but the /proc/<PID> directory
itself was also set to mode 0.  Assuming this doesn't open any
security holes, open access to the /proc/<PID> directory for users
other than root to read or search the directory.

Reviewed by:	des (back in February)
MFC after:	3 weeks
This commit is contained in:
Guy Helmer 2006-05-24 14:03:51 +00:00
parent 6a7d5cb645
commit e06dbd3229
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sys/fs/procfs/procfs.c
View File

@ -98,9 +98,12 @@ procfs_attr(PFS_ATTR_ARGS)
PROC_LOCK_ASSERT(p, MA_OWNED);
/* XXX inefficient, split into separate functions */
if (p->p_flag & P_SUGID)
vap->va_mode = 0;
else if (strcmp(pn->pn_name, "ctl") == 0 ||
if (p->p_flag & P_SUGID) {
if (pn->pn_type == pfstype_procdir)
vap->va_mode = 0555;
else
vap->va_mode = 0;
} else if (strcmp(pn->pn_name, "ctl") == 0 ||
strcmp(pn->pn_name, "note") == 0 ||
strcmp(pn->pn_name, "notepg") == 0)
vap->va_mode = 0200;