diff options
author | phk <phk@FreeBSD.org> | 1999-11-21 19:03:20 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 1999-11-21 19:03:20 +0000 |
commit | fd22d5412a1070b4d246fd214adad09041a53661 (patch) | |
tree | 867fad2f774e25520c2cda23aadefcd7ffc0c9a7 /sys/kern/kern_prot.c | |
parent | 8e826fbb578d38649959b6b64ece53cd8b855cbc (diff) | |
download | FreeBSD-src-fd22d5412a1070b4d246fd214adad09041a53661.zip FreeBSD-src-fd22d5412a1070b4d246fd214adad09041a53661.tar.gz |
Introduce the new function
p_trespass(struct proc *p1, struct proc *p2)
which returns zero or an errno depending on the legality of p1 trespassing
on p2.
Replace kern_sig.c:CANSIGNAL() with call to p_trespass() and one
extra signal related check.
Replace procfs.h:CHECKIO() macros with calls to p_trespass().
Only show command lines to process which can trespass on the target
process.
Diffstat (limited to 'sys/kern/kern_prot.c')
-rw-r--r-- | sys/kern/kern_prot.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 63d4346..1611cc3 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -793,6 +793,31 @@ suser_xxx(cred, proc, flag) } /* + * Return zero if p1 can fondle p2, return errno (EPERM/ESRCH) otherwise. + */ + +int +p_trespass(struct proc *p1, struct proc *p2) +{ + + if (p1 == p2) + return (0); + if (!PRISON_CHECK(p1, p2)) + return (ESRCH); + if (p1->p_cred->p_ruid == p2->p_cred->p_ruid) + return (0); + if (p1->p_ucred->cr_uid == p2->p_cred->p_ruid) + return (0); + if (p1->p_cred->p_ruid == p2->p_ucred->cr_uid) + return (0); + if (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid) + return (0); + if (!suser_xxx(0, p1, PRISON_ROOT)) + return (0); + return (EPERM); +} + +/* * Allocate a zeroed cred structure. */ struct ucred * |