author | trociny <trociny@FreeBSD.org> | 2011-12-05 19:34:02 +0000 |
---|---|---|
committer | trociny <trociny@FreeBSD.org> | 2011-12-05 19:34:02 +0000 |
commit | b9b4d81b8d9e9676a68f79db430260df62029cc5 (patch) | |
tree | 728edad83eeb9a5e04ae32362a0b597027901085 /sys/kern/kern_proc.c | |
parent | a8855af4c0d2c4374763f3e58b930b60da8a1fa4 (diff) | |
Protect kern.proc.auxv and kern.proc.ps_strings sysctls with p_candebug().
Citing jilles:
If we are ever going to do ASLR, the AUXV information tells an attacker
where the stack, executable and RTLD are located, which defeats much of
the point of randomizing the addresses in the first place.
Given that the AUXV information seems to be used by debuggers only anyway,
I think it would be good to move it to p_candebug() now.
The full virtual memory maps (KERN_PROC_VMMAP, procstat -v) are already
under p_candebug().
Suggested by: jilles
Discussed with: rwatson
MFC after: 1 week
Diffstat (limited to 'sys/kern/kern_proc.c')
-rw-r--r-- | sys/kern/kern_proc.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c index 3b96d51..d60fd26 100644 --- a/sys/kern/kern_proc.c +++ b/sys/kern/kern_proc.c @@ -1782,7 +1782,8 @@ sysctl_kern_proc_auxv(SYSCTL_HANDLER_ARGS) PROC_UNLOCK(p); return (ESRCH); } - if ((error = p_cansee(curthread, p)) != 0) { + error = p_candebug(curthread, p); + if (error != 0) { PROC_UNLOCK(p); return (error); } @@ -2456,7 +2457,8 @@ sysctl_kern_proc_ps_strings(SYSCTL_HANDLER_ARGS) p = pfind((pid_t)name[0]); if (p == NULL) return (ESRCH); - if ((error = p_cansee(curthread, p)) != 0) { + error = p_cansee(curthread, p); + if (error != 0) { PROC_UNLOCK(p); return (error); } |
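Review bot: In the sysctl_kern_proc_ps_strings hunk the added line still calls `p_cansee(curthread, p)`, so the check is only restyled and not tightened, while the commit message says both kern.proc.auxv and kern.proc.ps_strings are to be protected with p_candebug(). The added line should read `error = p_candebug(curthread, p);` to match the sysctl_kern_proc_auxv hunk; as written, kern.proc.ps_strings stays readable by any caller that passes the visibility check.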
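Review bot: In the sysctl_kern_proc_auxv hunk the reason for requiring `p_candebug()` rather than `p_cansee()` is recorded only in the commit message. A short comment above the check, noting that the AUXV data reveals where the stack, executable and RTLD are located, would make it less likely that a later cleanup relaxes the check back to p_cansee().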