Remove process information leak from inside a jail, when

security.bsd.see_other_uids is set to 0, etc. One can check if invisible process is active, by doing: # ktrace -p <pid> If ktrace returns 'Operation not permitted' the process is alive and if returns 'No such process' there is no such process. MFC after: 1 week
author: pjd <pjd@FreeBSD.org> 2005-06-09 18:33:21 +0000
committer: pjd <pjd@FreeBSD.org> 2005-06-09 18:33:21 +0000
commit: 5269cbb9cd6e60ed5e489aa9b931af95285e8154 (patch)
tree: 8d0524c1ca142373ded40de3b6625b529d7a4393 /sys/kern/kern_ktrace.c
parent: d9753fcc91300f01e119361188066ae736562a35 (diff)
download: FreeBSD-src-5269cbb9cd6e60ed5e489aa9b931af95285e8154.zip
FreeBSD-src-5269cbb9cd6e60ed5e489aa9b931af95285e8154.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index e504871..a331fa3 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -607,11 +607,14 @@ ktrace(td, uap)
 			error = ESRCH;
 			goto done;
 		}
+		error = p_cansee(td, p);
 		/*
 		 * The slock of the proctree lock will keep this process
 		 * from going away, so unlocking the proc here is ok.
 		 */
 		PROC_UNLOCK(p);
+		if (error)
+			goto done;
 		if (descend)
 			ret |= ktrsetchildren(td, p, ops, facs, vp);
 		else
author	pjd <pjd@FreeBSD.org>	2005-06-09 18:33:21 +0000
committer	pjd <pjd@FreeBSD.org>	2005-06-09 18:33:21 +0000
commit	5269cbb9cd6e60ed5e489aa9b931af95285e8154 (patch)
tree	8d0524c1ca142373ded40de3b6625b529d7a4393 /sys/kern/kern_ktrace.c
parent	d9753fcc91300f01e119361188066ae736562a35 (diff)
download	FreeBSD-src-5269cbb9cd6e60ed5e489aa9b931af95285e8154.zip FreeBSD-src-5269cbb9cd6e60ed5e489aa9b931af95285e8154.tar.gz