When checking for permissions, include the P_INEXEC test and return

EAGAIN if the process is exec'ing.
This commit is contained in:
christos 2002-01-12 18:51:31 +00:00
parent b2d1027db4
commit 5266303896

View File

@ -1,4 +1,4 @@
/* $NetBSD: procfs_mem.c,v 1.29 2001/11/10 13:33:43 lukem Exp $ */
/* $NetBSD: procfs_mem.c,v 1.30 2002/01/12 18:51:31 christos Exp $ */
/*
* Copyright (c) 1993 Jan-Simon Pendry
@ -46,7 +46,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: procfs_mem.c,v 1.29 2001/11/10 13:33:43 lukem Exp $");
__KERNEL_RCSID(0, "$NetBSD: procfs_mem.c,v 1.30 2002/01/12 18:51:31 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -122,7 +122,13 @@ procfs_checkioperm(p, t)
/*
* You cannot attach to a processes mem/regs if:
*
* (1) it's not owned by you, or is set-id on exec
* (1) It is currently exec'ing
*/
if (ISSET(t->p_flag, P_INEXEC))
return (EAGAIN);
/*
* (2) it's not owned by you, or is set-id on exec
* (unless you're root), or...
*/
if ((t->p_cred->p_ruid != p->p_cred->p_ruid ||
@ -131,7 +137,7 @@ procfs_checkioperm(p, t)
return (error);
/*
* (2) ...it's init, which controls the security level
* (3) ...it's init, which controls the security level
* of the entire system, and the system was not
* compiled with permanetly insecure mode turned on.
*/
@ -139,12 +145,11 @@ procfs_checkioperm(p, t)
return (EPERM);
/*
* (3) the tracer is chrooted, and its root directory is
* not at or above the root directory of the tracee
* (4) the tracer is chrooted, and its root directory is
* not at or above the root directory of the tracee
*/
if (!proc_isunder(t, p))
return EPERM;
return (EPERM);
return (0);
}