diff options
| author | bitblt <bitblt@cvs.openbsd.org> | 1996-09-26 18:06:35 +0000 |
|---|---|---|
| committer | bitblt <bitblt@cvs.openbsd.org> | 1996-09-26 18:06:35 +0000 |
| commit | dd2c5fcd0f95a68c0e3a20238e4298e9a4434ec0 (patch) | |
| tree | d839c6e05be15a471855c4c23c7eb1798898b51d /sys/miscfs/procfs/procfs_ctl.c | |
| parent | 5dab83240f013a925ddec5b7e0056ede5112097b (diff) | |
It should be possible to trace init if securelevel is at 0, single-user mode,
without having to peg the system at securelevel -1.
Diffstat (limited to 'sys/miscfs/procfs/procfs_ctl.c')
| -rw-r--r-- | sys/miscfs/procfs/procfs_ctl.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/sys/miscfs/procfs/procfs_ctl.c b/sys/miscfs/procfs/procfs_ctl.c index d10fe26313f..1ebe5546fe3 100644 --- a/sys/miscfs/procfs/procfs_ctl.c +++ b/sys/miscfs/procfs/procfs_ctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: procfs_ctl.c,v 1.2 1996/02/27 08:03:35 niklas Exp $ */ +/* $OpenBSD: procfs_ctl.c,v 1.3 1996/09/26 18:06:34 bitblt Exp $ */ /* $NetBSD: procfs_ctl.c,v 1.14 1996/02/09 22:40:48 christos Exp $ */ /* @@ -124,6 +124,21 @@ procfs_control(curp, p, op) return (EINVAL); /* + * it's not owned by you, or the last exec gave us + * setuid/setgid privs (unless you're root), + */ + if ((t->p_cred->p_ruid != p->p_cred->p_ruid || + ISSET(t->p_flag, P_SUGID)) && + (error = suser(p->p_ucred, &p->p_acflag)) != 0) + return (error); + + /* + * ...it's init, which controls the security level + */ + if (t->p_pid == 1 && securelevel > 0) + return (EPERM); + + /* * Go ahead and set the trace flag. * Save the old parent (it's reset in * _DETACH, and also in kern_exit.c:wait4() |