Remove process information leak from inside a jail, when

security.bsd.see_other_uids is set to 0, etc. One can check if invisible process is active, by doing: # ktrace -p <pid> If ktrace returns 'Operation not permitted' the process is alive and if returns 'No such process' there is no such process. MFC after: 1 week
2005-06-09 18:33:21 +00:00 · 2005-06-09 18:33:21 +00:00 · 4eb7c9f6c9
commit 4eb7c9f6c9
parent f3a0f87396
1 changed files with 3 additions and 0 deletions
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@ -607,11 +607,14 @@ ktrace(td, uap)
 			error = ESRCH;
 			goto done;
 		}
+		error = p_cansee(td, p);
 		/*
 		 * The slock of the proctree lock will keep this process
 		 * from going away, so unlocking the proc here is ok.
 		 */
 		PROC_UNLOCK(p);
+		if (error)
+			goto done;
 		if (descend)
 			ret |= ktrsetchildren(td, p, ops, facs, vp);
 		else