diff options
| author |   guenther <guenther@openbsd.org> | 2010-01-28 19:23:06 +0000 |
|---|---|---|
| committer | guenther <guenther@openbsd.org> | 2010-01-28 19:23:06 +0000 |
| commit | 13a24bb9018306e3a5785aff143782bfa1fd2f63 (patch) | |
| tree | 2dca56153aeeff1a89086807a4e8807e69c8410b /sys/kern/sys_process.c | |
| parent | Typo, from Micah Cowan. (diff) | |
| download | wireguard-openbsd-13a24bb9018306e3a5785aff143782bfa1fd2f63.tar.xz wireguard-openbsd-13a24bb9018306e3a5785aff143782bfa1fd2f63.zip | |
Make sure the process tree is is loop-free by forbidding ptrace()
of a direct ancestor, closing a localhost DoS. As an exception,
do permit ptrace() of pid 1 and have inferiors() stop climbing if
it hits that.
ok tedu@ hpux_compat suggestion from miod@
Diffstat (limited to 'sys/kern/sys_process.c')
| -rw-r--r-- | sys/kern/sys_process.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index cd58c064ddf..72a65276cff 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_process.c,v 1.43 2008/10/31 17:29:51 deraadt Exp $ */ +/* $OpenBSD: sys_process.c,v 1.44 2010/01/28 19:23:06 guenther Exp $ */ /* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */ /*- @@ -167,6 +167,14 @@ sys_ptrace(struct proc *p, void *v, register_t *retval) */ if ((t->p_pid == 1) && (securelevel > -1)) return (EPERM); + + /* + * (6) it's an ancestor of the current process and + * not init (because that would create a loop in + * the process graph). + */ + if (t->p_pid != 1 && inferior(p, t)) + return (EINVAL); break; case PT_READ_I: |