Close another information leak in ktrace(2): one was able to find active

process groups outside a jail, etc. by using ktrace(2).

OK'ed by:	rwatson
Approved by:	re (scottl)
MFC after:	1 week

1 files changed, 16 insertions, 2 deletions

diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index 7b0ac88..850e9b0 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -506,7 +506,7 @@ ktrace(td, uap)
 	int facs = uap->facs & ~KTRFAC_ROOT;
 	int ops = KTROP(uap->ops);
 	int descend = uap->ops & KTRFLAG_DESCEND;
-	int ret = 0;
+	int nfound, ret = 0;
 	int flags, error = 0;
 	struct nameidata nd;
 	struct ucred *cred;
@@ -592,11 +592,25 @@ ktrace(td, uap)
 		 * by the proctree_lock rather than pg_mtx.
 		 */
 		PGRP_UNLOCK(pg);
-		LIST_FOREACH(p, &pg->pg_members, p_pglist)
+		nfound = 0;
+		LIST_FOREACH(p, &pg->pg_members, p_pglist) {
+			PROC_LOCK(p);
+			if (p_cansee(td, p) != 0) {
+				PROC_UNLOCK(p); 
+				continue;
+			}
+			PROC_UNLOCK(p); 
+			nfound++;
 			if (descend)
 				ret |= ktrsetchildren(td, p, ops, facs, vp);
 			else
 				ret |= ktrops(td, p, ops, facs, vp);
+		}
+		if (nfound == 0) {
+			sx_sunlock(&proctree_lock);
+			error = ESRCH;
+			goto done;
+		}
 	} else {
 		/*
 		 * by pid