diff options
author | phk <phk@FreeBSD.org> | 1999-11-21 19:03:20 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 1999-11-21 19:03:20 +0000 |
commit | fd22d5412a1070b4d246fd214adad09041a53661 (patch) | |
tree | 867fad2f774e25520c2cda23aadefcd7ffc0c9a7 /sys/fs/procfs | |
parent | 8e826fbb578d38649959b6b64ece53cd8b855cbc (diff) | |
download | FreeBSD-src-fd22d5412a1070b4d246fd214adad09041a53661.zip FreeBSD-src-fd22d5412a1070b4d246fd214adad09041a53661.tar.gz |
Introduce the new function
p_trespass(struct proc *p1, struct proc *p2)
which returns zero or an errno depending on the legality of p1 trespassing
on p2.
Replace kern_sig.c:CANSIGNAL() with call to p_trespass() and one
extra signal related check.
Replace procfs.h:CHECKIO() macros with calls to p_trespass().
Only show command lines to process which can trespass on the target
process.
Diffstat (limited to 'sys/fs/procfs')
-rw-r--r-- | sys/fs/procfs/procfs.h | 13 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_dbregs.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_fpregs.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_mem.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_regs.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_status.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_vnops.c | 4 |
7 files changed, 7 insertions, 20 deletions
diff --git a/sys/fs/procfs/procfs.h b/sys/fs/procfs/procfs.h index bd6a554..1402a7c 100644 --- a/sys/fs/procfs/procfs.h +++ b/sys/fs/procfs/procfs.h @@ -90,19 +90,6 @@ struct pfsnode { #define KMEM_GROUP 2 -/* - * Check to see whether access to target process is allowed - * Evaluates to 1 if access is allowed. - */ -#define CHECKIO(p1, p2) \ - ((p1) == (p2) || \ - (PRISON_CHECK(p1, p2) && \ - ((((p1)->p_ucred->cr_uid == (p2)->p_cred->p_ruid) && \ - ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \ - ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \ - ((p2)->p_flag & P_SUGID) == 0) || \ - (suser_xxx(0, (p1), PRISON_ROOT) == 0)))) - #define PROCFS_FILENO(pid, type) \ (((type) < Pproc) ? \ ((type) + 2) : \ diff --git a/sys/fs/procfs/procfs_dbregs.c b/sys/fs/procfs/procfs_dbregs.c index ce990e9..0df1c3e 100644 --- a/sys/fs/procfs/procfs_dbregs.c +++ b/sys/fs/procfs/procfs_dbregs.c @@ -63,7 +63,7 @@ procfs_dodbregs(curp, p, pfs, uio) char *kv; int kl; - if (!CHECKIO(curp, p)) + if (p_trespass(curp, p)) return (EPERM); kl = sizeof(r); kv = (char *) &r; diff --git a/sys/fs/procfs/procfs_fpregs.c b/sys/fs/procfs/procfs_fpregs.c index b3331e5..d4a4cfe 100644 --- a/sys/fs/procfs/procfs_fpregs.c +++ b/sys/fs/procfs/procfs_fpregs.c @@ -60,7 +60,7 @@ procfs_dofpregs(curp, p, pfs, uio) char *kv; int kl; - if (!CHECKIO(curp, p)) + if (p_trespass(curp, p)) return EPERM; kl = sizeof(r); kv = (char *) &r; diff --git a/sys/fs/procfs/procfs_mem.c b/sys/fs/procfs/procfs_mem.c index 521bd5b..e075a7a 100644 --- a/sys/fs/procfs/procfs_mem.c +++ b/sys/fs/procfs/procfs_mem.c @@ -296,7 +296,7 @@ procfs_domem(curp, p, pfs, uio) * All in all, quite yucky. */ - if (!CHECKIO(curp, p) && + if (p_trespass(curp, p) && !(uio->uio_rw == UIO_READ && procfs_kmemaccess(curp))) return EPERM; diff --git a/sys/fs/procfs/procfs_regs.c b/sys/fs/procfs/procfs_regs.c index 0edb9ad..88f85d3 100644 --- a/sys/fs/procfs/procfs_regs.c +++ b/sys/fs/procfs/procfs_regs.c @@ -60,7 +60,7 @@ procfs_doregs(curp, p, pfs, uio) char *kv; int kl; - if (!CHECKIO(curp, p)) + if (p_trespass(curp, p)) return EPERM; kl = sizeof(r); kv = (char *) &r; diff --git a/sys/fs/procfs/procfs_status.c b/sys/fs/procfs/procfs_status.c index 0eb3858..e63a12b 100644 --- a/sys/fs/procfs/procfs_status.c +++ b/sys/fs/procfs/procfs_status.c @@ -183,7 +183,7 @@ procfs_docmdline(curp, p, pfs, uio) * Linux behaviour is to return zero-length in this case. */ - if (p->p_args) { + if (p->p_args && !p_trespass(curp, p)) { bp = p->p_args->ar_args; buflen = p->p_args->ar_length; buf = 0; diff --git a/sys/fs/procfs/procfs_vnops.c b/sys/fs/procfs/procfs_vnops.c index c579d73..17075db 100644 --- a/sys/fs/procfs/procfs_vnops.c +++ b/sys/fs/procfs/procfs_vnops.c @@ -146,7 +146,7 @@ procfs_open(ap) return (EBUSY); p1 = ap->a_p; - if (!CHECKIO(p1, p2) && + if (p_trespass(p1, p2) && !procfs_kmemaccess(p1)) return (EPERM); @@ -238,7 +238,7 @@ procfs_ioctl(ap) return ENOTTY; } - if (!CHECKIO(p, procp)) + if (p_trespass(p, procp)) return EPERM; switch (ap->a_command) { |