authorTheo de Raadt <deraadt@cvs.openbsd.org>1998-06-27 07:32:14 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1998-06-27 07:32:14 +0000
commitbf9928833e266260436d77a345724aa6ce1d7edd (patch)
tree8c791c77e8eb8bbfc725388b2ae8239c0e1aa26f
parent8887c4463087928913ef641714aab0e3fdfd7a98 (diff)
securelevels do NOT protect running binaries; only filesystem activity
-rw-r--r--sys/kern/kern_exec.c4
-rw-r--r--sys/kern/sys_process.c11
-rw-r--r--sys/miscfs/procfs/procfs_vnops.c9
3 files changed, 3 insertions, 21 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 8e198fc5105..1c7ccd95528 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_exec.c,v 1.18 1998/06/09 17:23:04 deraadt Exp $ */
+/* $OpenBSD: kern_exec.c,v 1.19 1998/06/27 07:32:12 deraadt Exp $ */
/* $NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $ */
/*-
@@ -127,8 +127,6 @@ check_exec(p, epp)
if ((vp->v_mount->mnt_flag & MNT_NOSUID) ||
(p->p_flag & P_TRACED) || p->p_fd->fd_refcnt > 1)
epp->ep_vap->va_mode &= ~(VSUID | VSGID);
- if (p->p_flag & P_TRACED && (epp->ep_vap->va_flags & IMMUTABLE))
- goto bad1;
/* check access. for root we have to see if any exec bit on */
if ((error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p)) != 0)
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index daa5a16b115..544921f4150 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sys_process.c,v 1.5 1998/06/09 18:13:45 deraadt Exp $ */
+/* $OpenBSD: sys_process.c,v 1.6 1998/06/27 07:32:13 deraadt Exp $ */
/* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */
/*-
@@ -59,8 +59,6 @@
#include <sys/errno.h>
#include <sys/ptrace.h>
#include <sys/uio.h>
-#include <sys/vnode.h>
-#include <sys/stat.h>
#include <sys/user.h>
#include <sys/mount.h>
@@ -93,7 +91,6 @@ sys_ptrace(p, v, retval)
struct proc *t; /* target process */
struct uio uio;
struct iovec iov;
- struct vattr va;
int error, write;
/* "A foolish consistency..." XXX */
@@ -150,12 +147,6 @@ sys_ptrace(p, v, retval)
*/
if ((t->p_pid == 1) && (securelevel > -1))
return (EPERM);
-
- error = VOP_GETATTR(t->p_textvp, &va, p->p_ucred, p);
- if (error)
- return (error);
- if (va.va_flags & IMMUTABLE)
- return (EPERM);
break;
case PT_READ_I:
diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c
index 4cba8007b2e..a20716360a4 100644
--- a/sys/miscfs/procfs/procfs_vnops.c
+++ b/sys/miscfs/procfs/procfs_vnops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: procfs_vnops.c,v 1.10 1998/06/09 18:13:48 deraadt Exp $ */
+/* $OpenBSD: procfs_vnops.c,v 1.11 1998/06/27 07:32:11 deraadt Exp $ */
/* $NetBSD: procfs_vnops.c,v 1.40 1996/03/16 23:52:55 christos Exp $ */
/*
@@ -219,7 +219,6 @@ procfs_open(v)
struct pfsnode *pfs = VTOPFS(ap->a_vp);
struct proc *p1 = ap->a_p; /* tracer */
struct proc *p2; /* traced */
- struct vattr va;
int error;
if ((p2 = PFIND(pfs->pfs_pid)) == 0)
@@ -234,12 +233,6 @@ procfs_open(v)
if ((error = procfs_checkioperm(p1, p2)) != 0)
return (error);
- error = VOP_GETATTR(p2->p_textvp, &va, p1->p_ucred, p1);
- if (error)
- return (error);
- if (va.va_flags & IMMUTABLE)
- return (EPERM);
-
if (ap->a_mode & FWRITE)
pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL);