doc/share/security/patches/SA-00:77/procfs.3.5.1.patch.v1.1
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00


Index: i386/i386/pmap.c
===================================================================
RCS file: /home/ncvs/src/sys/i386/i386/pmap.c,v
retrieving revision 1.250.2.6
retrieving revision 1.250.2.7
diff -u -r1.250.2.6 -r1.250.2.7
--- i386/i386/pmap.c 2000/09/30 02:49:32 1.250.2.6
+++ i386/i386/pmap.c 2000/11/07 18:32:15 1.250.2.7
@@ -2322,8 +2322,11 @@
return;
}
- if (psize + pindex > object->size)
+ if (psize + pindex > object->size) {
+ if (object->size < pindex)
+ return;
psize = object->size - pindex;
+ }
mpte = NULL;
/*
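Review bot: The outer test `psize + pindex > object->size` is skipped entirely if the sum wraps, and then neither the new early return nor the clamp runs. The declarations of `psize` and `pindex` are outside this hunk, so whether a wrap is reachable depends on their types. The bound can be written without the addition: keep `if (object->size < pindex) return;` unconditionally and follow it with `if (psize > object->size - pindex) psize = object->size - pindex;`. A short comment on the inner check, such as `/* pindex lies beyond the object; the subtraction below would go negative */`, would record why it exists.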
Index: miscfs/procfs/procfs_ctl.c
===================================================================
RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_ctl.c,v
retrieving revision 1.17.2.1
retrieving revision 1.17.2.2
diff -u -r1.17.2.1 -r1.17.2.2
--- miscfs/procfs/procfs_ctl.c 1999/08/29 16:26:51 1.17.2.1
+++ miscfs/procfs/procfs_ctl.c 2000/12/18 20:56:05 1.17.2.2
@@ -111,6 +111,19 @@
{
int error;
+ /* Authorization check: rely on normal debugging protection, except
+ * allow processes to disecgage debugging on a process onto which
+ * they have previously attached, but no longer have permission to
+ * debug.
+ */
+ if (op != PROCFS_CTL_DETACH) {
+ if (securelevel > 0 && p->p_pid == 1)
+ return (EPERM);
+
+ if (!CHECKIO(curp, p) || !procfs_kmemaccess(curp))
+ return (EPERM);
+ }
+
/*
* Attach - attaches the target process for debugging
* by the calling process.
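Review bot: The new gate skips every check when `op == PROCFS_CTL_DETACH`, but nothing visible in this hunk ties that exemption to the caller being the process that attached, which is what the comment promises. The function body continues past the hunk, so confirm that the detach path verifies ownership before acting, for example that `p` is traced and `p->p_pptr == curp`. If it does, the comment should say where. The comment also has a typo, `disecgage` for `disengage`.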
@@ -123,10 +136,6 @@
/* can't trace yourself! */
if (p->p_pid == curp->p_pid)
return (EINVAL);
-
- /* can't trace init when securelevel > 0 */
- if (securelevel > 0 && p->p_pid == 1)
- return (EPERM);
/*
* Go ahead and set the trace flag.
Index: miscfs/procfs/procfs_status.c
===================================================================
RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_status.c,v
retrieving revision 1.12.2.3
retrieving revision 1.12.2.4
diff -u -r1.12.2.3 -r1.12.2.4
--- miscfs/procfs/procfs_status.c 1999/12/27 16:05:11 1.12.2.3
+++ miscfs/procfs/procfs_status.c 2000/11/29 10:15:00 1.12.2.4
@@ -53,6 +53,7 @@
#include <vm/vm_param.h>
#include <sys/exec.h>
+#define DOCHECK() do { if (ps >= psbuf+sizeof(psbuf)) goto bailout; } while (0)
int
procfs_dostatus(curp, p, pfs, uio)
struct proc *curp;
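Review bot: `DOCHECK()` hides a `goto` and depends on a local `ps`, a local array `psbuf` and a `bailout` label, yet it is defined at file scope with no comment. I would add `/* Leave procfs_dostatus() once ps has reached or passed the end of psbuf; needs ps, psbuf and a bailout label in scope. */` above it. An `#undef DOCHECK` after the function would stop it being picked up elsewhere in the file. The function starts in this hunk and continues outside it.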
@@ -83,63 +84,82 @@
/* comm pid ppid pgid sid maj,min ctty,sldr start ut st wmsg
euid ruid rgid,egid,groups[1 .. NGROUPS]
*/
+ KASSERT(sizeof(psbuf) > MAXCOMLEN,
+ ("Too short buffer for new MAXCOMLEN"));
+
ps = psbuf;
bcopy(p->p_comm, ps, MAXCOMLEN);
ps[MAXCOMLEN] = '\0';
ps += strlen(ps);
- ps += sprintf(ps, " %d %d %d %d ", pid, ppid, pgid, sid);
+
+ DOCHECK();
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
+ " %d %d %d %d ", pid, ppid, pgid, sid);
+ DOCHECK();
if ((p->p_flag&P_CONTROLT) && (tp = sess->s_ttyp))
- ps += sprintf(ps, "%d,%d ", major(tp->t_dev), minor(tp->t_dev));
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
+ "%d,%d ", major(tp->t_dev), minor(tp->t_dev));
else
- ps += sprintf(ps, "%d,%d ", -1, -1);
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
+ "%d,%d ", -1, -1);
sep = "";
if (sess->s_ttyvp) {
- ps += sprintf(ps, "%sctty", sep);
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "%sctty", sep);
sep = ",";
+ DOCHECK();
}
if (SESS_LEADER(p)) {
- ps += sprintf(ps, "%ssldr", sep);
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "%ssldr", sep);
sep = ",";
+ DOCHECK();
+ }
+ if (*sep != ',') {
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "noflags");
+ DOCHECK();
}
- if (*sep != ',')
- ps += sprintf(ps, "noflags");
if (p->p_flag & P_INMEM)
- ps += sprintf(ps, " %ld,%ld",
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " %ld,%ld",
p->p_stats->p_start.tv_sec,
p->p_stats->p_start.tv_usec);
else
- ps += sprintf(ps, " -1,-1");
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " -1,-1");
{
struct timeval ut, st;
calcru(p, &ut, &st, (void *) 0);
- ps += sprintf(ps, " %ld,%ld %ld,%ld",
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
+ " %ld,%ld %ld,%ld",
ut.tv_sec,
ut.tv_usec,
st.tv_sec,
st.tv_usec);
}
- ps += sprintf(ps, " %s",
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " %s",
(p->p_wchan && p->p_wmesg) ? p->p_wmesg : "nochan");
cr = p->p_ucred;
- ps += sprintf(ps, " %lu %lu %lu",
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " %lu %lu %lu",
(u_long)cr->cr_uid,
(u_long)p->p_cred->p_ruid,
(u_long)p->p_cred->p_rgid);
+ DOCHECK();
/* egid (p->p_cred->p_svgid) is equal to cr_ngroups[0]
see also getegid(2) in /sys/kern/kern_prot.c */
- for (i = 0; i < cr->cr_ngroups; i++)
- ps += sprintf(ps, ",%lu", (u_long)cr->cr_groups[i]);
- ps += sprintf(ps, "\n");
+ for (i = 0; i < cr->cr_ngroups; i++) {
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
+ ",%lu", (u_long)cr->cr_groups[i]);
+ DOCHECK();
+ }
+ ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "\n");
+ DOCHECK();
xlen = ps - psbuf;
xlen -= uio->uio_offset;
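Review bot: Several of the converted calls are not followed by `DOCHECK()` before the next `snprintf` runs: the two tty branches, the two start-time branches, the calcru block and the wmesg line. `ps` is advanced by the return value, so a truncated call there would leave `ps` past the end of `psbuf`. The next size argument `psbuf + sizeof(psbuf) - ps` would then go negative and convert to a very large size, which removes the bound this change adds. Adding `DOCHECK();` after each of those calls closes the gap. The fields involved look short, so this is hardening rather than a demonstrated overflow.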
@@ -151,6 +171,9 @@
error = uiomove(ps, xlen, uio);
return (error);
+
+bailout:
+ return (ENOMEM);
}
int