diff options
author | rwatson <rwatson@FreeBSD.org> | 2001-05-17 21:48:44 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-05-17 21:48:44 +0000 |
commit | 51497c8b5faffba80597b6c66dd23a94dfae30fe (patch) | |
tree | 404aede2ec9bdc1aadc563d0d4eca806f3ca7687 /sys | |
parent | 93b02fbe46b4cdcee277f07b069ced2a38bcf491 (diff) | |
download | FreeBSD-src-51497c8b5faffba80597b6c66dd23a94dfae30fe.zip FreeBSD-src-51497c8b5faffba80597b6c66dd23a94dfae30fe.tar.gz |
o Modify access control checks in p_candebug() such that the policy is as
follows: the effective uid of p1 (subject) must equal the real, saved,
and effective uids of p2 (object), p2 must not have undergone a
credential downgrade. A subject with appropriate privilege may override
these protections.
In the future, we will extend these checks to require that p1 effective
group membership must be a superset of p2 effective group membership.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/kern_prot.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 127d10c..f0b4ff8 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1178,9 +1178,9 @@ p_candebug(struct proc *p1, struct proc *p2, int *privused) /* not owned by you, has done setuid (unless you're root) */ /* add a CAP_SYS_PTRACE here? */ - if (p1->p_cred->pc_ucred->cr_uid != p2->p_cred->p_ruid || - p1->p_cred->p_ruid != p2->p_cred->p_ruid || - p1->p_cred->p_svuid != p2->p_cred->p_ruid || + if (p1->p_cred->pc_ucred->cr_uid != p2->p_cred->pc_ucred->cr_uid || + p1->p_cred->pc_ucred->cr_uid != p2->p_cred->p_svuid || + p1->p_cred->pc_ucred->cr_uid != p2->p_cred->p_ruid || p2->p_flag & P_SUGID) { if ((error = suser_xxx(0, p1, PRISON_ROOT))) return (error); |