Make sure the process tree is is loop-free by forbidding ptrace()

of a direct ancestor, closing a localhost DoS. As an exception, do permit ptrace() of pid 1 and have inferiors() stop climbing if it hits that. ok tedu@ hpux_compat suggestion from miod@
author: guenther <guenther@openbsd.org> 2010-01-28 19:23:06 +0000
committer: guenther <guenther@openbsd.org> 2010-01-28 19:23:06 +0000
commit: 13a24bb9018306e3a5785aff143782bfa1fd2f63 (patch)
tree: 2dca56153aeeff1a89086807a4e8807e69c8410b /sys/kern/kern_proc.c
parent: Typo, from Micah Cowan. (diff)
download: wireguard-openbsd-13a24bb9018306e3a5785aff143782bfa1fd2f63.tar.xz
wireguard-openbsd-13a24bb9018306e3a5785aff143782bfa1fd2f63.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index ff2854c0dda..8c2eb86af41 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_proc.c,v 1.40 2009/04/15 10:47:46 art Exp $	*/
+/*	$OpenBSD: kern_proc.c,v 1.41 2010/01/28 19:23:06 guenther Exp $	*/
 /*	$NetBSD: kern_proc.c,v 1.14 1996/02/09 18:59:41 christos Exp $	*/
 
 /*
@@ -151,14 +151,14 @@ chgproccnt(uid_t uid, int diff)
 }
 
 /*
- * Is p an inferior of the current process?
+ * Is p an inferior of parent?
  */
 int
-inferior(struct proc *p)
+inferior(struct proc *p, struct proc *parent)
 {
 
-	for (; p != curproc; p = p->p_pptr)
-		if (p->p_pid == 0)
+	for (; p != parent; p = p->p_pptr)
+		if (p->p_pid == 0 || p->p_pid == 1)
 			return (0);
 	return (1);
 }
author	guenther <guenther@openbsd.org>	2010-01-28 19:23:06 +0000
committer	guenther <guenther@openbsd.org>	2010-01-28 19:23:06 +0000
commit	13a24bb9018306e3a5785aff143782bfa1fd2f63 (patch)
tree	2dca56153aeeff1a89086807a4e8807e69c8410b /sys/kern/kern_proc.c
parent	Typo, from Micah Cowan. (diff)
download	wireguard-openbsd-13a24bb9018306e3a5785aff143782bfa1fd2f63.tar.xz wireguard-openbsd-13a24bb9018306e3a5785aff143782bfa1fd2f63.zip