authorrwatson <rwatson@FreeBSD.org>2001-11-02 16:41:06 +0000
committerrwatson <rwatson@FreeBSD.org>2001-11-02 16:41:06 +0000
commit41e6d511f21a24ad647c43b18403425ea436b888 (patch)
treec1dc26b59d543a32ff9337e0c73fd044b285a83b /sys/kern/kern_prot.c
parent7c5f04101dbbe0e0532dfef1d3110c210ed1e343 (diff)
downloadFreeBSD-src-41e6d511f21a24ad647c43b18403425ea436b888.zip
FreeBSD-src-41e6d511f21a24ad647c43b18403425ea436b888.tar.gz
o Add a comment to p_candebug() noting that the P_INEXEC check should
really be moved elsewhere: p_candebug() encapsulates the security policy decision, whereas the P_INEXEC check has to do with "correctness" regarding race conditions, rather than security policy. Example: even if no security protections were enforced (the "uids are advisory" model), removing P_INEXEC could result in incorrect operation due to races on credential evaluation and modification during execve(). Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/kern/kern_prot.c')
-rw-r--r--sys/kern/kern_prot.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 6a17898..f98135a 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1569,7 +1569,12 @@ p_candebug(struct proc *p1, struct proc *p2)
return (error);
}
- /* can't trace a process that's currently exec'ing */
+ /*
+ * Can't trace a process that's currently exec'ing.
+ * XXX: Note, this is not a security policy decision, it's a
+ * basic correctness/functionality decision. Therefore, this check
+ * should be moved to the caller's of p_candebug().
+ */
if ((p2->p_flag & P_INEXEC) != 0)
return (EAGAIN);
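Review bot: The new XXX comment above the P_INEXEC test says the check should move to the callers but does not say what each caller must then guarantee, and `caller's` should read `callers`. The commit message itself ties the check to races on credential evaluation and modification during execve(), so a caller that omitted it after such a move would presumably evaluate the debug decision against credentials that are still changing; that consequence belongs in the comment. I would reword the last sentence to `Therefore, this check should be moved to the callers of p_candebug(); until then every debug path relies on this EAGAIN to avoid racing credential changes in execve().` The body of p_candebug() starts and ends outside this hunk, so whether p2 is locked when p_flag is read cannot be confirmed from here.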