diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-07-29 14:51:42 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-07-29 14:51:42 +0000 |
commit | 919f501e19cab8c39dc73f8c6eecd04a8879b30f (patch) | |
tree | b3a0efa2ebaa63ab2fc2ad48a23a166e220756c5 | |
parent | 82f44aed5ba3b5b4b55aec1b94427285cfd370cb (diff) |
comment on ptrace & P_SUGID
-rw-r--r-- | sys/kern/sys_process.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index f4a4d39cd4b..fa31c1247c4 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_process.c,v 1.3 1996/05/22 11:52:32 deraadt Exp $ */ +/* $OpenBSD: sys_process.c,v 1.4 1996/07/29 14:51:41 deraadt Exp $ */ /* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */ /*- @@ -124,8 +124,15 @@ sys_ptrace(p, v, retval) return (EBUSY); /* - * (3) it's not owned by you, or is set-id on exec - * (unless you're root), or... + * (3) it's not owned by you, or the last exec + * gave us setuid/setgid privs (unless + * you're root), or... + * + * [Note: once P_SUGID gets set in execve(), it stays + * set until the process does another execve(). Hence + * this prevents a setuid process which revokes it's + * special privilidges using setuid() from being + * traced. This is good security.] */ if ((t->p_cred->p_ruid != p->p_cred->p_ruid || ISSET(t->p_flag, P_SUGID)) && |