author | pjd <pjd@FreeBSD.org> | 2005-06-09 18:33:21 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2005-06-09 18:33:21 +0000 |
commit | 5269cbb9cd6e60ed5e489aa9b931af95285e8154 (patch) | |
tree | 8d0524c1ca142373ded40de3b6625b529d7a4393 /sys/kern/kern_ktrace.c | |
parent | d9753fcc91300f01e119361188066ae736562a35 (diff) | |
Remove process information leak from inside a jail, when
security.bsd.see_other_uids is set to 0, etc.
One can check if an invisible process is active, by doing:

    # ktrace -p <pid>

If ktrace returns 'Operation not permitted' the process is alive and
if it returns 'No such process' there is no such process.

MFC after: 1 week
Diffstat (limited to 'sys/kern/kern_ktrace.c')
-rw-r--r-- | sys/kern/kern_ktrace.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index e504871..a331fa3 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -607,11 +607,14 @@ ktrace(td, uap) error = ESRCH; goto done; } + error = p_cansee(td, p); /* * The slock of the proctree lock will keep this process * from going away, so unlocking the proc here is ok. */ PROC_UNLOCK(p); + if (error) + goto done; if (descend) ret |= ktrsetchildren(td, p, ops, facs, vp); else |
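Review bot: The added `error = p_cansee(td, p);` hands whatever p_cansee() returns straight back through `goto done`, so the probe described in the commit message is closed only if that value matches the `error = ESRCH` set by the not-found branch directly above. A short comment stating that the two cases must return the same errno, or an explicit mapping to ESRCH after the check, would keep a later change to p_cansee() from reopening the difference. The result is also computed before `PROC_UNLOCK(p)` and tested after it, with the existing comment about the proctree lock now sitting between the two; a one-line note that the call is made while the proc is still locked and the test is deferred until after the unlock would make that split clear. The hunk covers only this single-process lookup, so it is worth confirming that any other path in ktrace() that selects target processes applies the same check.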