3571e53040
patches for easier mirroring, to eliminate a special copy, to make www.freebsd.org/security a full copy of security.freebsd.org and be eventually be the same. For now files are just sitting there. The symlinks are missing. Discussed on: www (repository location) Discussed with: simon (so)
40 lines
1.1 KiB
Diff
40 lines
1.1 KiB
Diff
Index: miscfs/procfs/procfs_ctl.c
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_ctl.c,v
|
|
retrieving revision 1.20
|
|
retrieving revision 1.20.2.1
|
|
diff -u -r1.20 -r1.20.2.1
|
|
--- miscfs/procfs/procfs_ctl.c 1999/12/08 08:59:36 1.20
|
|
+++ miscfs/procfs/procfs_ctl.c 2000/12/17 03:13:05 1.20.2.1
|
|
@@ -111,6 +111,20 @@
|
|
int error;
|
|
|
|
/*
|
|
+ * Authorization check: rely on normal debugging protection, except
|
|
+ * allow processes to disengage debugging on a process onto which
|
|
+ * they have previously attached, but no longer have permission to
|
|
+ * debug.
|
|
+ */
|
|
+ if (op != PROCFS_CTL_DETACH) {
|
|
+ if (securelevel > 0 && p->p_pid == 1)
|
|
+ return (EPERM);
|
|
+
|
|
+ if (!CHECKIO(curp, p) || p_trespass(curp, p))
|
|
+ return (EPERM);
|
|
+ }
|
|
+
|
|
+ /*
|
|
* Attach - attaches the target process for debugging
|
|
* by the calling process.
|
|
*/
|
|
@@ -122,10 +136,6 @@
|
|
/* can't trace yourself! */
|
|
if (p->p_pid == curp->p_pid)
|
|
return (EINVAL);
|
|
-
|
|
- /* can't trace init when securelevel > 0 */
|
|
- if (securelevel > 0 && p->p_pid == 1)
|
|
- return (EPERM);
|
|
|
|
/*
|
|
* Go ahead and set the trace flag.
|