author | rwatson <rwatson@FreeBSD.org> | 2001-11-02 16:41:06 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-11-02 16:41:06 +0000 |
commit | 41e6d511f21a24ad647c43b18403425ea436b888 (patch) | |
tree | c1dc26b59d543a32ff9337e0c73fd044b285a83b /sys | |
parent | 7c5f04101dbbe0e0532dfef1d3110c210ed1e343 (diff) | |
o Add a comment to p_candebug() noting that the P_INEXEC check should
really be moved elsewhere: p_candebug() encapsulates the security
policy decision, whereas the P_INEXEC check has to do with "correctness"
regarding race conditions, rather than security policy.
Example: even if no security protections were enforced (the "uids are
advisory" model), removing P_INEXEC could result in incorrect operation
due to races on credential evaluation and modification during execve().
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/kern_prot.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 6a17898..f98135a 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1569,7 +1569,12 @@ p_candebug(struct proc *p1, struct proc *p2) return (error); } - /* can't trace a process that's currently exec'ing */ + /* + * Can't trace a process that's currently exec'ing. + * XXX: Note, this is not a security policy decision, it's a + * basic correctness/functionality decision. Therefore, this check + * should be moved to the caller's of p_candebug(). + */ if ((p2->p_flag & P_INEXEC) != 0) return (EAGAIN); |
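Review bot: the new comment block has a stray apostrophe: it should read "moved to the callers of p_candebug()", not "caller's". While touching the wording, it would also help to state in the comment itself why the P_INEXEC check is a correctness matter rather than policy, as the commit message already does (races on credential evaluation and modification during execve()), so that whoever later moves the check to the callers knows what it must preserve; the EAGAIN return is otherwise left unexplained next to the XXX note.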