diff options
| author | pjd <pjd@FreeBSD.org> | 2004-03-17 13:19:43 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2004-03-17 13:19:43 +0000 |
| commit | 11852bf57417a045bc27a53f104ccec33ab45b62 (patch) | |
| tree | 7e98494923831a5442eb57f460a169303f365d0d /sys/kern | |
| parent | 0f33a4da2f4ddcefe2fb299dcac66116e44940dd (diff) | |
| download | FreeBSD-src-11852bf57417a045bc27a53f104ccec33ab45b62.zip FreeBSD-src-11852bf57417a045bc27a53f104ccec33ab45b62.tar.gz | |
Fix information leakage.
Without this fix it is possible to cheat policies like:
- sysctl security.bsd.see_other_[gu]ids=0,
- mac_seeotheruids(4),
- jail(2)
and get full processes list with their arguments.
This problem exists from revision 1.62 of kern_proc.c when it was
introduced.
Reviewed by: nectar, rwatson.
Diffstat (limited to 'sys/kern')
| -rw-r--r-- | sys/kern/kern_proc.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c index 8039085..6034462 100644 --- a/sys/kern/kern_proc.c +++ b/sys/kern/kern_proc.c @@ -1106,11 +1106,16 @@ sysctl_kern_proc_args(SYSCTL_HANDLER_ARGS) if (!p) return (ESRCH); - if ((!ps_argsopen) && (error = p_cansee(curthread, p))) { + if ((error = p_cansee(curthread, p)) != 0) { PROC_UNLOCK(p); return (error); } + if (!ps_argsopen) { + PROC_UNLOCK(p); + return (EPERM); + } + if (req->newptr && curproc != p) { PROC_UNLOCK(p); return (EPERM); |
