o Disable two "allow this" exceptions in p_cansched(), restricting the
  ability of unprivileged processes to modify the scheduling properties
  of daemons temporarily taking on unprivileged effective credentials.
  These cases are (p1->p_cred->p_ruid == p2->p_ucred->cr_uid) and
  (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid), respectively permitting
  a subject process to influence the scheduling of a daemon if the subject
  process has the same real uid or effective uid as the daemon's effective
  uid.  This removes a number of the warning cases identified by the
  proc_to_proc inter-process authorization regression test.
o As these are new restrictions, we'll have to watch out carefully for
  possible side effects on running code: they seem reasonable to me,
  but it's possible this change might have to be backed out if problems
  are experienced.

Reported by:	src/tools/regression/security/proc_to_proc/testuid
Obtained from:	TrustedBSD Project
Robert Watson 2001-04-12 22:46:07 +00:00
parent b28cb1ca07
commit 0489082737
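To make the policy change described in the commit message concrete, the following is an added, stand-alone model of the visible part of `p_cansched()` before and after this commit. It is illustration code, not FreeBSD's own: the `struct creds` type, the `is_root` flag standing in for `suser_xxx()`, the `EPERM` return for the deny case, and the sample uid values are all assumptions, and any checks that precede the visible portion of the hunk are not modelled.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed, simplified credential model. In the kernel the real uid
 * lives in p_cred->p_ruid and the effective uid in p_ucred->cr_uid; the
 * privilege check is suser_xxx(), modelled here as a plain flag. */
struct creds {
    uid_t ruid;     /* real uid */
    uid_t euid;     /* effective uid */
    bool  is_root;  /* stands in for suser_xxx() succeeding for this process */
};

/* Tail shared by both versions: the privilege fallback, which records
 * that privilege was used (as the hunk's privused pointer does). */
static int common_tail(const struct creds *p1, const struct creds *p2, int *privused)
{
    (void)p2;
    if (p1->is_root) {
        if (privused != NULL)
            *privused = 1;
        return 0;
    }
    return EPERM;   /* assumed deny value for this model */
}

/* Policy before the commit: the two uid matches now under #if 0 still grant. */
int cansched_before(const struct creds *p1, const struct creds *p2, int *privused)
{
    if (privused != NULL)
        *privused = 0;
    if (p1->euid == p2->ruid)        /* kept by the commit */
        return 0;
    if (p1->ruid == p2->euid)        /* disabled by the commit */
        return 0;
    if (p1->euid == p2->euid)        /* disabled by the commit */
        return 0;
    return common_tail(p1, p2, privused);
}

/* Policy after the commit: only the effective-vs-real match remains
 * before the privilege fallback. */
int cansched_after(const struct creds *p1, const struct creds *p2, int *privused)
{
    if (privused != NULL)
        *privused = 0;
    if (p1->euid == p2->ruid)
        return 0;
    return common_tail(p1, p2, privused);
}

int main(void)
{
    /* Constructed scenario: a root-owned daemon that has temporarily
     * switched to uid 1001, and an unprivileged process running as 1001. */
    struct creds daemon = { .ruid = 0,    .euid = 1001, .is_root = false };
    struct creds user   = { .ruid = 1001, .euid = 1001, .is_root = false };
    int priv = 0;

    printf("before: %d\n", cansched_before(&user, &daemon, &priv));
    printf("after:  %d\n", cansched_after(&user, &daemon, &priv));
    return 0;
}
```

The scenario in `main()` is exactly the one the message targets: under the old policy the unprivileged uid 1001 process is allowed to touch the scheduling of the daemon because their effective uids match, while under the new policy it is refused unless it holds privilege. A subject whose effective uid equals the daemon's real uid is still allowed by both versions, since that exception is not among the two disabled.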


@ -1137,14 +1137,17 @@ p_cansched(struct proc *p1, struct proc *p2, int *privused)
return (0);
if (p1->p_ucred->cr_uid == p2->p_cred->p_ruid)
return (0);
#if 0
/*
* XXX should a process be able to affect another process
* acting as the same uid (i.e., a userland nfsd or the like?)
* acting as the same uid (i.e., sendmail delivery, lpd,
* et al?)
*/
if (p1->p_cred->p_ruid == p2->p_ucred->cr_uid)
return (0);
if (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid)
return (0);
#endif /* 0 */
if (!suser_xxx(0, p1, PRISON_ROOT)) {
if (privused != NULL)
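Review bot: The XXX comment kept inside the new `#if 0` / `#endif /* 0 */` block still reads as an open question ("should a process be able to affect another process acting as the same uid ...") rather than recording that the two checks beneath it were deliberately disabled, so a later reader could re-enable them as an apparent fix; suggest rewording it to state that the real-uid-vs-effective-uid and effective-uid-vs-effective-uid cases are intentionally switched off pending the proc_to_proc regression results, as the commit message explains. It would also help to say in that comment why the preceding `if (p1->p_ucred->cr_uid == p2->p_cred->p_ruid) return (0);` case stays enabled while its mirror `p1->p_cred->p_ruid == p2->p_ucred->cr_uid` is disabled, since the asymmetry is not obvious from the code alone.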