diff options
| author | Niels Provos <provos@cvs.openbsd.org> | 2000-11-18 22:16:50 +0000 |
|---|---|---|
| committer | Niels Provos <provos@cvs.openbsd.org> | 2000-11-18 22:16:50 +0000 |
| commit | 6291ef8a4b5d4bf248c4507260bee62eb0ed7a06 (patch) | |
| tree | 7a867d95772143490cf4aa9ff2d49eacb20e9c43 /sys/kern | |
| parent | 9728e85db4933d775dd9d7b0a29a190d1b782bb0 (diff) | |
better permission check; okay art@, millert@
Diffstat (limited to 'sys/kern')
| -rw-r--r-- | sys/kern/kern_event.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c index 730c5cfc9f2..4c5fed5e9ac 100644 --- a/sys/kern/kern_event.c +++ b/sys/kern/kern_event.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_event.c,v 1.4 2000/11/17 06:34:23 provos Exp $ */ +/* $OpenBSD: kern_event.c,v 1.5 2000/11/18 22:16:49 provos Exp $ */ /*- * Copyright (c) 1999,2000 Jonathan Lemon <jlemon@FreeBSD.org> @@ -200,7 +200,14 @@ filt_procattach(struct knote *kn) p = pfind(kn->kn_id); if (p == NULL) return (ESRCH); - if (suser(p->p_ucred, &p->p_acflag) != 0) + + /* + * Fail if it's not owned by you, or the last exec gave us + * setuid/setgid privs (unless you're root). + */ + if ((p->p_cred->p_ruid != curproc->p_cred->p_ruid || + (p->p_flag & P_SUGID)) && + suser(curproc->p_ucred, &curproc->p_acflag) != 0) return (EACCES); kn->kn_ptr.p_proc = p; |