diff options
| author | alex <alex@FreeBSD.org> | 1997-04-27 19:02:37 +0000 |
|---|---|---|
| committer | alex <alex@FreeBSD.org> | 1997-04-27 19:02:37 +0000 |
| commit | ced78602fea5284de7f4cb1673405ad3f3ad57ce (patch) | |
| tree | f4104c901887914ce8863cf8d48a859c89e1b6db | |
| parent | 5dcc803654149aef81fb1d8194a751fb9d264703 (diff) | |
| download | FreeBSD-src-ced78602fea5284de7f4cb1673405ad3f3ad57ce.zip FreeBSD-src-ced78602fea5284de7f4cb1673405ad3f3ad57ce.tar.gz | |
Prevent debugger attachment to init when securelevel > 0.
Noticed by: Brian Buchanan <brian@wasteland.calbbs.com>
| -rw-r--r-- | sys/fs/procfs/procfs_ctl.c | 7 | ||||
| -rw-r--r-- | sys/kern/sys_process.c | 7 | ||||
| -rw-r--r-- | sys/miscfs/procfs/procfs_ctl.c | 7 |
3 files changed, 18 insertions, 3 deletions
diff --git a/sys/fs/procfs/procfs_ctl.c b/sys/fs/procfs/procfs_ctl.c index 4370e0c..9f47539 100644 --- a/sys/fs/procfs/procfs_ctl.c +++ b/sys/fs/procfs/procfs_ctl.c @@ -37,7 +37,7 @@ * @(#)procfs_ctl.c 8.4 (Berkeley) 6/15/94 * * From: - * $Id: procfs_ctl.c,v 1.13 1997/02/22 09:40:27 peter Exp $ + * $Id: procfs_ctl.c,v 1.14 1997/03/24 11:24:40 bde Exp $ */ #include <sys/param.h> @@ -52,6 +52,7 @@ #include <sys/signal.h> #include <sys/signalvar.h> #include <sys/ptrace.h> +#include <sys/systm.h> #include <miscfs/procfs/procfs.h> #include <vm/vm.h> @@ -130,6 +131,10 @@ procfs_control(curp, p, op) if (p->p_pid == curp->p_pid) return (EINVAL); + /* can't trace init when securelevel > 0 */ + if (securelevel > 0 && p->p_pid == 1) + return (EPERM); + /* * Go ahead and set the trace flag. * Save the old parent (it's reset in diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index 7a538b6..02aa392 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -28,7 +28,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id$ + * $Id: sys_process.c,v 1.27 1997/02/22 09:39:20 peter Exp $ */ #include <sys/param.h> @@ -39,6 +39,7 @@ #include <sys/ptrace.h> #include <sys/errno.h> #include <sys/queue.h> +#include <sys/systm.h> #include <machine/reg.h> #include <machine/psl.h> @@ -250,6 +251,10 @@ ptrace(curp, uap, retval) return error; } + /* can't trace init when securelevel > 0 */ + if (securelevel > 0 && p->p_pid == 1) + return EPERM; + /* OK */ break; diff --git a/sys/miscfs/procfs/procfs_ctl.c b/sys/miscfs/procfs/procfs_ctl.c index 4370e0c..9f47539 100644 --- a/sys/miscfs/procfs/procfs_ctl.c +++ b/sys/miscfs/procfs/procfs_ctl.c @@ -37,7 +37,7 @@ * @(#)procfs_ctl.c 8.4 (Berkeley) 6/15/94 * * From: - * $Id: procfs_ctl.c,v 1.13 1997/02/22 09:40:27 peter Exp $ + * $Id: procfs_ctl.c,v 1.14 1997/03/24 11:24:40 bde Exp $ */ #include <sys/param.h> @@ -52,6 +52,7 @@ #include <sys/signal.h> #include <sys/signalvar.h> #include <sys/ptrace.h> +#include <sys/systm.h> #include <miscfs/procfs/procfs.h> #include <vm/vm.h> @@ -130,6 +131,10 @@ procfs_control(curp, p, op) if (p->p_pid == curp->p_pid) return (EINVAL); + /* can't trace init when securelevel > 0 */ + if (securelevel > 0 && p->p_pid == 1) + return (EPERM); + /* * Go ahead and set the trace flag. * Save the old parent (it's reset in |
