o Modify access control checks in p_candebug() such that the policy is as

  follows: the effective uid of p1 (subject) must equal the real, saved,
  and effective uids of p2 (object), p2 must not have undergone a
  credential downgrade.  A subject with appropriate privilege may override
  these protections.

  In the future, we will extend these checks to require that p1 effective
  group membership must be a superset of p2 effective group membership.

Obtained from:	TrustedBSD Project

1 files changed, 3 insertions, 3 deletions

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 127d10c..f0b4ff8 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1178,9 +1178,9 @@ p_candebug(struct proc *p1, struct proc *p2, int *privused)
 
 	/* not owned by you, has done setuid (unless you're root) */
 	/* add a CAP_SYS_PTRACE here? */
-	if (p1->p_cred->pc_ucred->cr_uid != p2->p_cred->p_ruid ||
-	    p1->p_cred->p_ruid != p2->p_cred->p_ruid ||
-	    p1->p_cred->p_svuid != p2->p_cred->p_ruid ||
+	if (p1->p_cred->pc_ucred->cr_uid != p2->p_cred->pc_ucred->cr_uid ||
+	    p1->p_cred->pc_ucred->cr_uid != p2->p_cred->p_svuid ||
+	    p1->p_cred->pc_ucred->cr_uid != p2->p_cred->p_ruid ||
 	    p2->p_flag & P_SUGID) {
 		if ((error = suser_xxx(0, p1, PRISON_ROOT)))
 			return (error);