When checking for permissions, include the P_INEXEC test and return
EAGAIN if the process is exec'ing.
This commit is contained in:
parent
b2d1027db4
commit
5266303896
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: procfs_mem.c,v 1.29 2001/11/10 13:33:43 lukem Exp $ */
|
||||
/* $NetBSD: procfs_mem.c,v 1.30 2002/01/12 18:51:31 christos Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1993 Jan-Simon Pendry
|
||||
@ -46,7 +46,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: procfs_mem.c,v 1.29 2001/11/10 13:33:43 lukem Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: procfs_mem.c,v 1.30 2002/01/12 18:51:31 christos Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
@ -122,7 +122,13 @@ procfs_checkioperm(p, t)
|
||||
/*
|
||||
* You cannot attach to a processes mem/regs if:
|
||||
*
|
||||
* (1) it's not owned by you, or is set-id on exec
|
||||
* (1) It is currently exec'ing
|
||||
*/
|
||||
if (ISSET(t->p_flag, P_INEXEC))
|
||||
return (EAGAIN);
|
||||
|
||||
/*
|
||||
* (2) it's not owned by you, or is set-id on exec
|
||||
* (unless you're root), or...
|
||||
*/
|
||||
if ((t->p_cred->p_ruid != p->p_cred->p_ruid ||
|
||||
@ -131,7 +137,7 @@ procfs_checkioperm(p, t)
|
||||
return (error);
|
||||
|
||||
/*
|
||||
* (2) ...it's init, which controls the security level
|
||||
* (3) ...it's init, which controls the security level
|
||||
* of the entire system, and the system was not
|
||||
* compiled with permanetly insecure mode turned on.
|
||||
*/
|
||||
@ -139,12 +145,11 @@ procfs_checkioperm(p, t)
|
||||
return (EPERM);
|
||||
|
||||
/*
|
||||
* (3) the tracer is chrooted, and its root directory is
|
||||
* not at or above the root directory of the tracee
|
||||
* (4) the tracer is chrooted, and its root directory is
|
||||
* not at or above the root directory of the tracee
|
||||
*/
|
||||
|
||||
if (!proc_isunder(t, p))
|
||||
return EPERM;
|
||||
return (EPERM);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user