Fix procfs security hole -- check permissions on meaningful I/Os (namely,

reading/writing of mem and regs).  Also have to check for the requesting
process being group KMEM -- this is a bit of a hack, but ps et al need it.

Reviewed by:	davidg

1 files changed, 9 insertions, 5 deletions

diff --git a/sys/fs/procfs/procfs_vnops.c b/sys/fs/procfs/procfs_vnops.c
index 77f2e49..f876318 100644
--- a/sys/fs/procfs/procfs_vnops.c
+++ b/sys/fs/procfs/procfs_vnops.c
@@ -36,7 +36,7 @@
  *
  *	@(#)procfs_vnops.c	8.18 (Berkeley) 5/21/95
  *
- *	$Id: procfs_vnops.c,v 1.29 1997/02/24 16:44:11 bde Exp $
+ *	$Id: procfs_vnops.c,v 1.30 1997/08/02 14:32:20 bde Exp $
  */
 
 /*
@@ -127,16 +127,21 @@ procfs_open(ap)
 	} */ *ap;
 {
 	struct pfsnode *pfs = VTOPFS(ap->a_vp);
+	struct proc *p1 = ap->a_p, *p2 = PFIND(pfs->pfs_pid);
+
+	if (p2 == NULL)
+		return ENOENT;
 
 	switch (pfs->pfs_type) {
 	case Pmem:
-		if (PFIND(pfs->pfs_pid) == 0)
-			return (ENOENT);	/* was ESRCH, jsp */
-
 		if ((pfs->pfs_flags & FWRITE) && (ap->a_mode & O_EXCL) ||
 		    (pfs->pfs_flags & O_EXCL) && (ap->a_mode & FWRITE))
 			return (EBUSY);
 
+		if (!CHECKIO(p1, p2) &&
+		    (p1->p_cred->pc_ucred->cr_gid != KMEM_GROUP))
+			return EPERM;
+
 		if (ap->a_mode & FWRITE)
 			pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL);
 
@@ -194,7 +199,6 @@ procfs_ioctl(ap)
 		struct proc *a_p;
 	} */ *ap;
 {
-
 	return (ENOTTY);
 }