diff options
| author | Sean Eric Fagan <sef@FreeBSD.org> | 1997-08-12 04:34:30 +0000 |
|---|---|---|
| committer | Sean Eric Fagan <sef@FreeBSD.org> | 1997-08-12 04:34:30 +0000 |
| commit | 49356a1f4a1c3dfe5740f6f95603cf9708cd0d95 (patch) | |
| tree | 3cc68e71aa2a9c22934634dba214ec456e23fe79 /sys/fs/procfs/procfs.h | |
| parent | 868cddb5fa7a87b6a4f98ea3898d0ef6c166f789 (diff) | |
| download | src-49356a1f4a1c3dfe5740f6f95603cf9708cd0d95.tar.gz src-49356a1f4a1c3dfe5740f6f95603cf9708cd0d95.zip | |
Fix procfs security hole -- check permissions on meaningful I/Os (namely,
reading/writing of mem and regs). Also have to check for the requesting
process being group KMEM -- this is a bit of a hack, but ps et al need it.
Reviewed by: davidg
Notes
Notes:
svn path=/head/; revision=28086
Diffstat (limited to 'sys/fs/procfs/procfs.h')
| -rw-r--r-- | sys/fs/procfs/procfs.h | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/sys/fs/procfs/procfs.h b/sys/fs/procfs/procfs.h index 2821aa268a68..9e051d49b1ee 100644 --- a/sys/fs/procfs/procfs.h +++ b/sys/fs/procfs/procfs.h @@ -37,7 +37,7 @@ * @(#)procfs.h 8.9 (Berkeley) 5/14/95 * * From: - * $Id$ + * $Id: procfs.h,v 1.15 1997/02/22 09:40:26 peter Exp $ */ /* @@ -85,6 +85,18 @@ struct pfsnode { (bcmp((s), (cnp)->cn_nameptr, (len)) == 0)) #define KMEM_GROUP 2 + +/* + * Check to see whether access to target process is allowed + * Evaluates to 1 if access is allowed. + */ +#define CHECKIO(p1, p2) \ + ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \ + ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \ + ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \ + ((p2)->p_flag & P_SUGID) == 0) || \ + (suser((p1)->p_cred->pc_ucred, &(p1)->p_acflag) == 0)) + /* * Format of a directory entry in /proc, ... * This must map onto struct dirent (see <dirent.h>) |