When checking for permissions, include the P_INEXEC test and return

EAGAIN if the process is exec'ing.
2002-01-12 18:51:31 +00:00 · 2002-01-12 18:51:31 +00:00 · 5266303896
parent b2d1027db4
commit 5266303896
1 changed files with 13 additions and 8 deletions
--- a/sys/miscfs/procfs/procfs_mem.c
+++ b/sys/miscfs/procfs/procfs_mem.c
@ -1,4 +1,4 @@
-/*	$NetBSD: procfs_mem.c,v 1.29 2001/11/10 13:33:43 lukem Exp $	*/
+/*	$NetBSD: procfs_mem.c,v 1.30 2002/01/12 18:51:31 christos Exp $	*/

 /*
 * Copyright (c) 1993 Jan-Simon Pendry
@ -46,7 +46,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: procfs_mem.c,v 1.29 2001/11/10 13:33:43 lukem Exp $");
+__KERNEL_RCSID(0, "$NetBSD: procfs_mem.c,v 1.30 2002/01/12 18:51:31 christos Exp $");

 #include <sys/param.h>
 #include <sys/systm.h>
@ -122,7 +122,13 @@ procfs_checkioperm(p, t)
 	/*
 	 * You cannot attach to a processes mem/regs if:
 	 *
-	 *	(1) it's not owned by you, or is set-id on exec
+	 *	(1) It is currently exec'ing
+	 */
+	if (ISSET(t->p_flag, P_INEXEC))
+		return (EAGAIN);
+
+	/*
+	 *	(2) it's not owned by you, or is set-id on exec
 	 *	    (unless you're root), or...
 	 */
 	if ((t->p_cred->p_ruid != p->p_cred->p_ruid ||
@ -131,7 +137,7 @@ procfs_checkioperm(p, t)
 		return (error);

 	/*
-	 *	(2) ...it's init, which controls the security level
+	 *	(3) ...it's init, which controls the security level
 	 *	    of the entire system, and the system was not
 	 *	    compiled with permanetly insecure mode turned on.
 	 */
@ -139,12 +145,11 @@ procfs_checkioperm(p, t)
 		return (EPERM);

 	/*
-	 * (3) the tracer is chrooted, and its root directory is
-	 * not at or above the root directory of the tracee
+	 *	(4) the tracer is chrooted, and its root directory is
+	 * 	    not at or above the root directory of the tracee
 	 */
-
 	if (!proc_isunder(t, p))
-		return EPERM;
+		return (EPERM);
 	
 	return (0);
 }