Date: Tue, 12 Aug 1997 00:08:11 -0700 From: Jason Thorpe <thorpej@nas.nasa.gov> To: Sean Eric Fagan <sef@freebsd.org> Cc: cvs-committers@freebsd.org, cvs-all@freebsd.org, cvs-sys@freebsd.org Subject: Re: cvs commit: src/sys/miscfs/procfs procfs.h procfs_mem.c procfs_regs.c procfs_vnops.c Message-ID: <199708120708.AAA23636@lestat.nas.nasa.gov>
next in thread | raw e-mail | index | archive | help
On Mon, 11 Aug 1997 21:34:31 -0700 (PDT) Sean Eric Fagan <sef@FreeBSD.ORG> wrote: > sef 1997/08/11 21:34:31 PDT > > Modified files: > sys/miscfs/procfs procfs.h procfs_mem.c procfs_regs.c > procfs_vnops.c > Log: > Fix procfs security hole -- check permissions on meaningful I/Os (namely, > reading/writing of mem and regs). Also have to check for the requesting > process being group KMEM -- this is a bit of a hack, but ps et al need it. This is why ps(1) shouldn't use procfs :-) In any case, it's probably also reasonable to allow uid 0 to perform said i/o on setuid processes. IIRC, this would make it the same as the constraints on ptrace(2). Jason R. Thorpe thorpej@nas.nasa.gov NASA Ames Research Center Home: +1 408 866 1912 NAS: M/S 258-6 Work: +1 415 604 0935 Moffett Field, CA 94035 Pager: +1 415 428 6939
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708120708.AAA23636>