diff options
author | sef <sef@FreeBSD.org> | 1997-08-12 04:34:30 +0000 |
---|---|---|
committer | sef <sef@FreeBSD.org> | 1997-08-12 04:34:30 +0000 |
commit | ea579a477de5aabed2fd91f73b46be6afbfb2f6d (patch) | |
tree | eac6c582162dcbb910c93ef9d2afc40c754971e4 /sys/fs/procfs/procfs.h | |
parent | 4777af062a5f7f20d37d43b4c740b59b084caba0 (diff) | |
download | FreeBSD-src-ea579a477de5aabed2fd91f73b46be6afbfb2f6d.zip FreeBSD-src-ea579a477de5aabed2fd91f73b46be6afbfb2f6d.tar.gz |
Fix procfs security hole -- check permissions on meaningful I/Os (namely,
reading/writing of mem and regs). Also have to check for the requesting
process being group KMEM -- this is a bit of a hack, but ps et al need it.
Reviewed by: davidg
Diffstat (limited to 'sys/fs/procfs/procfs.h')
-rw-r--r-- | sys/fs/procfs/procfs.h | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/sys/fs/procfs/procfs.h b/sys/fs/procfs/procfs.h index 2821aa2..9e051d4 100644 --- a/sys/fs/procfs/procfs.h +++ b/sys/fs/procfs/procfs.h @@ -37,7 +37,7 @@ * @(#)procfs.h 8.9 (Berkeley) 5/14/95 * * From: - * $Id$ + * $Id: procfs.h,v 1.15 1997/02/22 09:40:26 peter Exp $ */ /* @@ -85,6 +85,18 @@ struct pfsnode { (bcmp((s), (cnp)->cn_nameptr, (len)) == 0)) #define KMEM_GROUP 2 + +/* + * Check to see whether access to target process is allowed + * Evaluates to 1 if access is allowed. + */ +#define CHECKIO(p1, p2) \ + ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \ + ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \ + ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \ + ((p2)->p_flag & P_SUGID) == 0) || \ + (suser((p1)->p_cred->pc_ucred, &(p1)->p_acflag) == 0)) + /* * Format of a directory entry in /proc, ... * This must map onto struct dirent (see <dirent.h>) |