From owner-cvs-all Fri Nov 2 10:44:56 2001 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 044A437B401; Fri, 2 Nov 2001 10:44:51 -0800 (PST) Received: (from rwatson@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id fA2IipI21839; Fri, 2 Nov 2001 10:44:51 -0800 (PST) (envelope-from rwatson) Message-Id: <200111021844.fA2IipI21839@freefall.freebsd.org> From: Robert Watson Date: Fri, 2 Nov 2001 10:44:50 -0800 (PST) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_prot.c X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG rwatson 2001/11/02 10:44:50 PST Modified files: sys/kern kern_prot.c Log: o Introduce group subset test, which limits the ability of a process to debug another process based on their respective {effective,additional, saved,real} gid's. p1 is only permitted to debug p2 if its effective gids (egid + additional groups) are a strict superset of the gids of p2. This implements properly the security test previously incorrectly implemented in kern_ktrace.c, and is consistent with the kernel security policy (although might be slightly confusing for those more familiar with the userland policy). o Restructure p_candebug() logic so that various results are generated comparing uids, gids, credential changes, and then composed in a single check before testing for privilege. These tests encapsulate the "BSD" inter-process debugging policy. Other non-BSD checks remain seperate. Additional comments are added. Submitted by: tmm, rwatson Obtained from: TrustedBSD Project Reviewed by: petef, tmm, rwatson Revision Changes Path 1.120 +36 -8 src/sys/kern/kern_prot.c To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message