| author | 2014-12-12 07:45:46 +0000 | |
|---|---|---|
| committer | 2014-12-12 07:45:46 +0000 | |
| commit | ad9da47b06fc9089a87b07f5da1c900072247243 (patch) | |
| tree | 73124a3890405baf854e481391ddbeece3233a42 /sys/kern/sys_process.c | |
| parent | Range check the value of the base for typeset -i base x=y. Instead of (diff) | |
sysctl kern.global_ptrace.
controls whether you can ptrace any process with appropriate privileges
or only one's own children.
ok deraadt
Diffstat (limited to 'sys/kern/sys_process.c')
| -rw-r--r-- | sys/kern/sys_process.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index c4af4b7a47e..31de7a1d2de 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_process.c,v 1.65 2014/09/08 01:47:06 guenther Exp $ */ +/* $OpenBSD: sys_process.c,v 1.66 2014/12/12 07:45:46 tedu Exp $ */ /* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */ /*- @@ -70,6 +70,7 @@ int process_auxv_offset(struct proc *, struct proc *, struct uio *); #ifdef PTRACE +int global_ptrace; /* permit tracing of not children */ /* * Process debugging system call. */ @@ -211,6 +212,13 @@ sys_ptrace(struct proc *p, void *v, register_t *retval) return (error); /* + * (4.5) it's not a child of the tracing process. + */ + if (global_ptrace == 0 && !inferior(tr, p->p_p) && + (error = suser(p, 0)) != 0) + return (error); + + /* * (5) ...it's init, which controls the security level * of the entire system, and the system was not * compiled with permanently insecure mode turned |
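Review bot: the comment on `int global_ptrace;` in the hunk at -70,6 ("permit tracing of not children") does not say what the values mean or what the default is. The variable has no initializer, so it starts at 0, and the check added in sys_ptrace treats 0 as the restricted mode. Suggest stating that next to the declaration (0 restricts unprivileged tracing to processes that pass the inferior() test, nonzero lifts that restriction) and naming the kern.global_ptrace sysctl from the commit message, since nothing in this file shows where the variable is set.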
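Review bot: the new "(4.5)" comment in the sys_ptrace hunk at -211,6 says only "it's not a child of the tracing process", but the condition also passes when `suser(p, 0)` returns 0, so a superuser caller is exempt even with `global_ptrace == 0`. The comment should record that exemption, and should describe the relationship in the same terms as `inferior(tr, p->p_p)` if that helper covers more than direct children. The assignment folded into the condition, `(error = suser(p, 0)) != 0`, is compact but easy to misread in an access check; a nested `if` that calls suser() on its own line would make the three conditions and the returned error easier to audit.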
