contrary to documentation and other implementations, kevent was preventing

a process from watching other users' procs. but there are no secrets here.
remove that check.
at the same time, note that as far as pledge is concerned, while most of
kevent is a "stdio" type operation, process monitoring belongs to the
"proc" family, so add an additional check here.
ok deraadt millert

1 files changed, 6 insertions, 10 deletions

diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c
index d017b73bcc5..846e29f182b 100644
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_event.c,v 1.71 2016/01/06 17:58:46 tedu Exp $	*/
+/*	$OpenBSD: kern_event.c,v 1.72 2016/05/13 19:05:07 tedu Exp $	*/
 
 /*-
  * Copyright (c) 1999,2000,2001 Jonathan Lemon <jlemon@FreeBSD.org>
@@ -32,6 +32,7 @@
 #include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/proc.h>
+#include <sys/pledge.h>
 #include <sys/malloc.h>
 #include <sys/unistd.h>
 #include <sys/file.h>
@@ -211,6 +212,10 @@ filt_procattach(struct knote *kn)
 {
 	struct process *pr;
 
+	if ((curproc->p_p->ps_flags & PS_PLEDGE) &&
+	    (curproc->p_p->ps_pledge & PLEDGE_PROC) == 0)
+		return pledge_fail(curproc, EPERM, PLEDGE_PROC);
+
 	pr = prfind(kn->kn_id);
 	if (pr == NULL)
 		return (ESRCH);
@@ -219,15 +224,6 @@ filt_procattach(struct knote *kn)
 	if (pr->ps_flags & PS_EXITING)
 		return (ESRCH);
 
-	/*
-	 * Fail if it's not owned by you, or the last exec gave us
-	 * setuid/setgid privs (unless you're root).
-	 */
-	if (pr != curproc->p_p &&
-	    (pr->ps_ucred->cr_ruid != curproc->p_ucred->cr_ruid ||
-	    (pr->ps_flags & PS_SUGID)) && suser(curproc, 0) != 0)
-		return (EACCES);
-
 	kn->kn_ptr.p_process = pr;
 	kn->kn_flags |= EV_CLEAR;		/* automatically set */