Prevent debugger attachment to init when securelevel > 0.

Noticed by: Brian Buchanan <brian@wasteland.calbbs.com>
author: alex <alex@FreeBSD.org> 1997-04-27 19:02:37 +0000
committer: alex <alex@FreeBSD.org> 1997-04-27 19:02:37 +0000
commit: ced78602fea5284de7f4cb1673405ad3f3ad57ce (patch)
tree: f4104c901887914ce8863cf8d48a859c89e1b6db /sys/fs
parent: 5dcc803654149aef81fb1d8194a751fb9d264703 (diff)
download: FreeBSD-src-ced78602fea5284de7f4cb1673405ad3f3ad57ce.zip
FreeBSD-src-ced78602fea5284de7f4cb1673405ad3f3ad57ce.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/fs/procfs/procfs_ctl.c b/sys/fs/procfs/procfs_ctl.c
index 4370e0c..9f47539 100644
--- a/sys/fs/procfs/procfs_ctl.c
+++ b/sys/fs/procfs/procfs_ctl.c
@@ -37,7 +37,7 @@
  *	@(#)procfs_ctl.c	8.4 (Berkeley) 6/15/94
  *
  * From:
- *	$Id: procfs_ctl.c,v 1.13 1997/02/22 09:40:27 peter Exp $
+ *	$Id: procfs_ctl.c,v 1.14 1997/03/24 11:24:40 bde Exp $
  */
 
 #include <sys/param.h>
@@ -52,6 +52,7 @@
 #include <sys/signal.h>
 #include <sys/signalvar.h>
 #include <sys/ptrace.h>
+#include <sys/systm.h>
 #include <miscfs/procfs/procfs.h>
 
 #include <vm/vm.h>
@@ -130,6 +131,10 @@ procfs_control(curp, p, op)
 		if (p->p_pid == curp->p_pid)
 			return (EINVAL);
 
+		/* can't trace init when securelevel > 0 */
+		if (securelevel > 0 && p->p_pid == 1)
+			return (EPERM);
+
 		/*
 		 * Go ahead and set the trace flag.
 		 * Save the old parent (it's reset in
author	alex <alex@FreeBSD.org>	1997-04-27 19:02:37 +0000
committer	alex <alex@FreeBSD.org>	1997-04-27 19:02:37 +0000
commit	ced78602fea5284de7f4cb1673405ad3f3ad57ce (patch)
tree	f4104c901887914ce8863cf8d48a859c89e1b6db /sys/fs
parent	5dcc803654149aef81fb1d8194a751fb9d264703 (diff)
download	FreeBSD-src-ced78602fea5284de7f4cb1673405ad3f3ad57ce.zip FreeBSD-src-ced78602fea5284de7f4cb1673405ad3f3ad57ce.tar.gz