diff options
| author |   deraadt <deraadt@openbsd.org> | 1998-06-09 18:13:45 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 1998-06-09 18:13:45 +0000 |
| commit | 8166d04c7a4f5420d4a047ebe3a3c6e86112da8b (patch) | |
| tree | 59678006c37bd9899c72a3844574318cc438db07 | |
| parent | a = a + b; --> a += b; (diff) | |
| download | wireguard-openbsd-8166d04c7a4f5420d4a047ebe3a3c6e86112da8b.tar.xz wireguard-openbsd-8166d04c7a4f5420d4a047ebe3a3c6e86112da8b.zip | |
do not permit ptrace attach to immutable executable
| -rw-r--r-- | sys/kern/sys_process.c | 11 | ||||
| -rw-r--r-- | sys/miscfs/procfs/procfs_vnops.c | 9 |
2 files changed, 18 insertions, 2 deletions
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index fa31c1247c4..daa5a16b115 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_process.c,v 1.4 1996/07/29 14:51:41 deraadt Exp $ */ +/* $OpenBSD: sys_process.c,v 1.5 1998/06/09 18:13:45 deraadt Exp $ */ /* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */ /*- @@ -59,6 +59,8 @@ #include <sys/errno.h> #include <sys/ptrace.h> #include <sys/uio.h> +#include <sys/vnode.h> +#include <sys/stat.h> #include <sys/user.h> #include <sys/mount.h> @@ -91,6 +93,7 @@ sys_ptrace(p, v, retval) struct proc *t; /* target process */ struct uio uio; struct iovec iov; + struct vattr va; int error, write; /* "A foolish consistency..." XXX */ @@ -147,6 +150,12 @@ sys_ptrace(p, v, retval) */ if ((t->p_pid == 1) && (securelevel > -1)) return (EPERM); + + error = VOP_GETATTR(t->p_textvp, &va, p->p_ucred, p); + if (error) + return (error); + if (va.va_flags & IMMUTABLE) + return (EPERM); break; case PT_READ_I: diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c index 11a74d5bd5b..4cba8007b2e 100644 --- a/sys/miscfs/procfs/procfs_vnops.c +++ b/sys/miscfs/procfs/procfs_vnops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: procfs_vnops.c,v 1.9 1997/11/06 05:58:43 csapuntz Exp $ */ +/* $OpenBSD: procfs_vnops.c,v 1.10 1998/06/09 18:13:48 deraadt Exp $ */ /* $NetBSD: procfs_vnops.c,v 1.40 1996/03/16 23:52:55 christos Exp $ */ /* @@ -219,6 +219,7 @@ procfs_open(v) struct pfsnode *pfs = VTOPFS(ap->a_vp); struct proc *p1 = ap->a_p; /* tracer */ struct proc *p2; /* traced */ + struct vattr va; int error; if ((p2 = PFIND(pfs->pfs_pid)) == 0) @@ -233,6 +234,12 @@ procfs_open(v) if ((error = procfs_checkioperm(p1, p2)) != 0) return (error); + error = VOP_GETATTR(p2->p_textvp, &va, p1->p_ucred, p1); + if (error) + return (error); + if (va.va_flags & IMMUTABLE) + return (EPERM); + if (ap->a_mode & FWRITE) pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL); |