diff options
| author |   millert <millert@openbsd.org> | 2003-03-09 01:33:59 +0000 |
|---|---|---|
| committer | millert <millert@openbsd.org> | 2003-03-09 01:33:59 +0000 |
| commit | 3b4725f4162ce0ba5cd025b31a63667e23d57874 (patch) | |
| tree | efdd60f4c624eb2b630938303b3250279a4e3beb /sys/kern/sys_process.c | |
| parent | Make the semantics of the P_SUGIDEXEC flag match the issetugid(2) (diff) | |
| download | wireguard-openbsd-3b4725f4162ce0ba5cd025b31a63667e23d57874.tar.xz wireguard-openbsd-3b4725f4162ce0ba5cd025b31a63667e23d57874.zip | |
Disallow ptrace if P_SUGIDEXEC flag is set (we already disallow if P_SUGID
is set). deraadt@ and tholo@ OK.
Diffstat (limited to 'sys/kern/sys_process.c')
| -rw-r--r-- | sys/kern/sys_process.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index e0a36f1925f..0b0549b9812 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_process.c,v 1.23 2002/06/27 02:04:50 deraadt Exp $ */ +/* $OpenBSD: sys_process.c,v 1.24 2003/03/09 01:33:59 millert Exp $ */ /* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */ /*- @@ -137,13 +137,14 @@ sys_ptrace(p, v, retval) * gave us setuid/setgid privs (unless * you're root), or... * - * [Note: once P_SUGID gets set in execve(), it stays - * set until the process does another execve(). Hence - * this prevents a setuid process which revokes it's - * special privilidges using setuid() from being - * traced. This is good security.] + * [Note: once P_SUGID or P_SUGIDEXEC gets set in + * execve(), they stay set until the process does + * another execve(). Hence this prevents a setuid + * process which revokes it's special privileges using + * setuid() from being traced. This is good security.] */ if ((t->p_cred->p_ruid != p->p_cred->p_ruid || + ISSET(t->p_flag, P_SUGIDEXEC) || ISSET(t->p_flag, P_SUGID)) && (error = suser(p->p_ucred, &p->p_acflag)) != 0) return (error); |