do not permit ktrace on P_SUGID; millert ok

author: deraadt <deraadt@openbsd.org> 2002-06-27 02:15:52 +0000
committer: deraadt <deraadt@openbsd.org> 2002-06-27 02:15:52 +0000
commit: d12967f6e20392db8de44ea9003382df3323d889 (patch)
tree: d8f0a5b0b84e3417a2625e10e7b038f4032f0922
parent: KNF (diff)
download: wireguard-openbsd-d12967f6e20392db8de44ea9003382df3323d889.tar.xz
wireguard-openbsd-d12967f6e20392db8de44ea9003382df3323d889.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index 46abeba17f9..5615a72a324 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_ktrace.c,v 1.28 2002/06/06 15:41:46 mpech Exp $	*/
+/*	$OpenBSD: kern_ktrace.c,v 1.29 2002/06/27 02:15:52 deraadt Exp $	*/
 /*	$NetBSD: kern_ktrace.c,v 1.23 1996/02/09 18:59:36 christos Exp $	*/
 
 /*
@@ -530,7 +530,8 @@ ktrcanset(callp, targetp)
 	    target->p_ruid == target->p_svuid &&
 	    caller->p_rgid == target->p_rgid &&	/* XXX */
 	    target->p_rgid == target->p_svgid &&
-	    (targetp->p_traceflag & KTRFAC_ROOT) == 0) ||
+	    (targetp->p_traceflag & KTRFAC_ROOT) == 0 &&
+	    !ISSET(targetp->p_flag, P_SUGID)) ||
 	    caller->pc_ucred->cr_uid == 0)
 		return (1);
author	deraadt <deraadt@openbsd.org>	2002-06-27 02:15:52 +0000
committer	deraadt <deraadt@openbsd.org>	2002-06-27 02:15:52 +0000
commit	d12967f6e20392db8de44ea9003382df3323d889 (patch)
tree	d8f0a5b0b84e3417a2625e10e7b038f4032f0922
parent	KNF (diff)
download	wireguard-openbsd-d12967f6e20392db8de44ea9003382df3323d889.tar.xz wireguard-openbsd-d12967f6e20392db8de44ea9003382df3323d889.zip