Make sure the process tree is is loop-free by forbidding ptrace()

of a direct ancestor, closing a localhost DoS. As an exception, do permit ptrace() of pid 1 and have inferiors() stop climbing if it hits that. ok tedu@ hpux_compat suggestion from miod@
author: guenther <guenther@openbsd.org> 2010-01-28 19:23:06 +0000
committer: guenther <guenther@openbsd.org> 2010-01-28 19:23:06 +0000
commit: 13a24bb9018306e3a5785aff143782bfa1fd2f63 (patch)
tree: 2dca56153aeeff1a89086807a4e8807e69c8410b /sys/kern/kern_prot.c
parent: Typo, from Micah Cowan. (diff)
download: wireguard-openbsd-13a24bb9018306e3a5785aff143782bfa1fd2f63.tar.xz
wireguard-openbsd-13a24bb9018306e3a5785aff143782bfa1fd2f63.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 882a083656a..e707c68e0da 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_prot.c,v 1.40 2010/01/14 23:12:11 schwarze Exp $	*/
+/*	$OpenBSD: kern_prot.c,v 1.41 2010/01/28 19:23:06 guenther Exp $	*/
 /*	$NetBSD: kern_prot.c,v 1.33 1996/02/09 18:59:42 christos Exp $	*/
 
 /*
@@ -282,7 +282,7 @@ sys_setpgid(struct proc *curp, void *v, register_t *retval)
 	newpgrp = pool_get(&pgrp_pool, PR_WAITOK);
 
 	if (pid != 0 && pid != curp->p_pid) {
-		if ((targp = pfind(pid)) == 0 || !inferior(targp)) {
+		if ((targp = pfind(pid)) == 0 || !inferior(targp, curp)) {
 			error = ESRCH;
 			goto out;
 		}
author	guenther <guenther@openbsd.org>	2010-01-28 19:23:06 +0000
committer	guenther <guenther@openbsd.org>	2010-01-28 19:23:06 +0000
commit	13a24bb9018306e3a5785aff143782bfa1fd2f63 (patch)
tree	2dca56153aeeff1a89086807a4e8807e69c8410b /sys/kern/kern_prot.c
parent	Typo, from Micah Cowan. (diff)
download	wireguard-openbsd-13a24bb9018306e3a5785aff143782bfa1fd2f63.tar.xz wireguard-openbsd-13a24bb9018306e3a5785aff143782bfa1fd2f63.zip